AVP - Global IS Governance, Risk and Compliance (GRC)

extra holidays - extra parental leave
Remote: Full Remote

Offer summary

Qualifications:

  • Master's degree in Business Administration, Computer Science, Information Systems, Cybersecurity, or a related field.
  • 10+ years of experience in an information security environment with a focus on Global Governance, Risk, and Compliance.
  • 5+ years of supervisory or management experience in a global organization.
  • Strong knowledge of compliance frameworks and relevant regulations such as GDPR, SOX, and PCI-DSS.

Key responsibilities:

  • Develop and implement a Global GRC strategy aligned with organizational objectives.
  • Ensure adherence to global financial information security and privacy regulations.
  • Monitor emerging risks and adjust GRC strategies accordingly.
  • Collaborate with cross-functional teams to ensure cohesive risk management practices.

PRA Group (Nasdaq: PRAA) Financial Services Large https://www.pragroup.com/
1001 - 5000 Employees

Job description

We invite you to explore a future with us at PRA Group, a diverse and growing company that has a tangible impact on the global economy.

Position Summary: 

AVP, Global IS Governance, Risk and Compliance (GRC)

The AVP, Global IS Governance, Risk and Compliance (GRC) will lead a team of diverse individuals and will be responsible for working with stakeholders across all of PRA Group’s Business Units. The AVP, Global IS GRC’s role is to assess and oversee all technology-related governance, risk, and compliance issues within the Information Technology and Information Security Departments, including auditing, security training and awareness, policy and procedure build and review, disaster recovery, incident response and data integrity. This includes providing objective internal and third-party risk assessments of the company's compliance with regulatory, organizational, and commercial requirements governing the organization's information technology systems.

The AVP, Global IS GRC will direct the development and implementation of policies, procedures, standards, and controls to ensure that the organization's practices remain observant of all pertinent local, state/province/county and federal laws and industry standards. The AVP, Global IS GRC will support the CISO with departmental operational tasks including budgeting, strategy, metrics development/delivery, and project alignment.

In this role, the AVP, IS GRC will work directly with non-IT compliance professionals such as legal, audit and corporate compliance to ensure organizational alignment.

Required Education and Experience:

  • Master's degree in Business Administration, Computer Science, Information Systems, Cybersecurity, or a related field.
  • 10+ years’ experience in an information security environment, with a strong focus on Global Governance, Risk, and Compliance.
  • 5+ years’ supervisory or management experience, preferably in a global organization.
  • Strong experience with Governance, Risk, and Compliance frameworks, including IT control self-assessment, measurement, remediation, exception management, reporting, and advanced IT risk evaluation.
  • Demonstrated expertise and leadership in risk frameworks.
  • Strong knowledge of the Sarbanes-Oxley Act, System and Organization Controls (SOC) framework, ISO 27000 Framework, PCI-DSS, and SEC guidance related to audits of the internal control environment. Also familiar with PIPEDA (Canada), GLBA, SOX (USA), LGPD (Brazil), and the Privacy Act 1988 (Australia).
  • Strong background regarding audits, compliance, privacy (GDPR and DORA) and security provisions.
  • Certifications such as CISSP, CISA, CISM, CRISC, or other relevant certifications are required.

Key Responsibilities:

  • Develop and implement a Global GRC strategy that aligns with the organization’s objectives and risk appetite. Ensure integration of GRC activities with enterprise risk management and corporate governance frameworks.
  • Ensure adherence to global financial information security and privacy regulations, including GDPR (Europe), PIPEDA (Canada), GLBA, SOX (USA), LGPD (Brazil), the Privacy Act 1988 (Australia), DORA (Europe), SOC2, and PCI-DSS.
  • Monitor emerging risks, including technological advancements and regulatory changes, to proactively adjust GRC strategies.
  • Foster a culture of risk awareness by leading training and awareness programs across the organization.
  • Collaborate with cross-functional teams, including legal, audit, and corporate compliance, to ensure cohesive risk management practices.
  • Oversee the continuous improvement of the GRC program, incorporating best practices and industry standards.
  • Work directly with the data protection officer (DPO) and Privacy Program to ensure company adherence to data privacy and data governance requirements.
  • Manage and develop teams’ knowledge on GRC and data privacy matters.
  • Advise on GRC matters and recommend courses of action to the Chief Information Security Officer.
     

At PRA Group, we're committed to helping our employees reach their highest potential by offering competitive salaries with bonus structure, LTI, proprietary training programs, tuition reimbursement programs, comprehensive healthcare, health, dental and vision benefits, maternal and paternal leave, holiday pay and PTO, an employee assistance program, and valuable opportunities to establish a long career within our organization.

Salary Range:

$147,000.00 - $237,000.00

PRA Group has an effective process for assessing market data and establishing ranges to ensure we remain competitive. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, specific working location and market position. This posted salary range is a good faith and reasonable estimate, and PRA Group reserves the right to adjust this range depending on the qualifications and location of the selected candidate. In addition to base salary, PRA may offer additional benefits to include performance-based bonus programs and/or equity programs depending on the position. PRA offers paid time off, medical, dental, vision, 401k match, life insurance, and other benefits to assist with the physical and mental wellbeing of our employees.

All qualified applicants will receive consideration for employment regardless of age, race, color, sex, gender, religion, national origin, physical or mental disability, citizenship, or any other classes recognized by state or local law or any other characteristic protected under applicable federal, state or local law. We are a drug free workplace.

Required profile

Experience

Industry: Financial Services
Spoken language(s): English

Other Skills

  • Governance
  • Training And Development
  • Collaboration
  • Communication
  • Leadership
