The Information Technology (IT) Services group is a strategic practice unit within GBQ that serves GBQ clients across the US.

The Manager – Governance, Risk, Compliance and Privacy (GRCP) will participate in the following activities:

  • Active participation in assessment projects, report writing, controls implementation and the delivery of other IT Services team projects
  • Thought leadership in a specialty area within the GRCP domain
  • Leadership in the marketing, scoping, proposing and quoting of GBQ IT Services to prospective clients
  • Collaborate with team management to evolve the GBQ GRCP service line and supporting processes

Our ideal candidate is an experienced risk, compliance or IT professional whose career includes a broad range of hands-on experience working within or as a consultant to enterprise organizations with experience assessing, evaluating, building and/or operating security, privacy and compliance programs.


We are seeking individuals skilled at performing control and compliance authority assessments, developing remediation plans and working with business management to understand IT risks of all varieties.

Responsibilities will be based on background but will typically include:

  • Works with the GBQ IT Services department head to contribute to the continued expansion and growth of the GRCP service line strategic plan
  • Delivers on national security (CMMC), HIPAA, FFIEC, PCI, state privacy acts, information governance, records management or other related services to enterprise, mid-market and emerging business clients
  • Understands client needs to properly scope, develop project plans, resource plans, and establish reporting and metrics to provide the client with regular updates
  • Assists with proposals, RFI’s, and RFP’s
  • Supports client interviews, including the development of pre-meeting materials, background research, and mentors other team members on the client’s environment
  • Ensures clients receive timely, actionable and thoughtful responses to questions, data subject requests or supervisory authority inquiries
  • Develops GRCP domain knowledge, processes, templates and tools to be used in services delivery to clients
  • Monitors news, jurisdictional changes and industry updates to relay to clients and GBQ team members
  • Develops data inventories, data flow diagrams, data maps, and processing registers in support of client projects
  • Builds relationships with other GBQ professionals, cross-sells into different industries and participates in GBQ and industry events where subject matter expertise is requested
  • Reviews and edits policies, processes, workflows, and work instructions to align them with industry standards (e.g., NIST, ISO, HIPAA, FFIEC, GLBA, GDPR, etc.)
  • Institutes GBQ methodologies and ensures consistency on projects where he/she is responsible for leading the project
  • Participates in and conducts business unit, legal, IT, privacy and governance interviews and meetings, as needed
  • Proofreads and edits reports, prior to presenting to clients
  • Acts as Performance Manager to GRCP staff
  • Mentors team members to ensure the quality of work product is consistent throughout client engagements, and GBQ standards are applied for every engagement
  • Manages multiple large, complex and long-term engagements
  • Other duties as required


  • Bachelor’s degree, in Business, Public Administration, Computer Science or related field, required


  • Five (5) or more years of consulting experience, required
  • Two (2) or more years of experience working in data governance, security, privacy or similar projects, required
  • Experience with managing privacy, information governance, national security, cybersecurity, PCI and/or GRC engagements, required


  • CIPP/E, CIPP/US, CIPM, CIPT, or other privacy certifications, preferred
  • CISSP, CISA, CRISC or other similar certifications, preferred

Software/Technical Expertise:

  • Experience with GRC platforms, IT Governance, information governance software, ECM, records management software, or similar technologies, preferred
  • Experience in the application of risk assessment processes such as NIST 800-30 or others, required
  • Proficient in the use of Microsoft Office Suite
  • Familiarity with security testing tools such as QualysGuard, Nessus, Netsparker, etc. is not required but will be useful in the team environment


  • Solid organizational skills, especially the ability to meet project deadlines with a focus on details
  • Team player and deadline-oriented
  • Ability to multi-task and set workload priorities in a fast-paced and deadline-driven environment
  • Completes assignments within established budget for assigned areas
  • Achieves charge hour budget and minimum billable hours as set by the Firm
  • Participates in “approved” non-client initiatives to improve firm administration

Practice Growth:

  • Participates in pursuit of new clients and new client opportunities
  • Represents the Firm and builds relationships by participating in outside activities
  • Develops and demonstrates strong leadership skills
  • Demonstrates excellent written and verbal communication skills

Client Focus:

  • Executive presence, with the ability to act as the primary contact on assigned engagements
  • Ability to provide outstanding client service
  • Attention to detail and accuracy
  • Analytical and creative problem-solving skills
  • Comprehends new, complex issues and performs research to solve complex problems
  • Strong analytical and advanced research skills related to industry trends, market competition and technology

Brand Culture/Development:

  • Exemplify Brand Attributes of the Firm
  • Comply with all policies and procedures of the Firm
  • Ability to interact effectively with people at all organizational levels of the Firm and with clients
  • Capacity to build and maintain strong relationships with internal and client personnel
  • Ability to encourage a team environment on engagements, and contribute to the professional development of assigned personnel
  • Consistently seeks feedback on performance from superiors and enhances and develops professional and technical skills

Organizational Relationships:

  • Manager will report directly to a Performance Manager who will provide any necessary guidance relative to administrative issues or work performance through the formal evaluation process

Special Requirements:

  • Flexibility with travel and hours
  • Reliable transportation for on-site client work


Job Application Form

  • Accepted file types: pdf, Max. file size: 50 MB.
  • This field is for validation purposes and should be left unchanged.