ABOUT US

Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $7.6 billion in revenue for 2024, Clayco specializes in the “art and science of building,” providing fast-track, efficient solutions for industrial, commercial, institutional, and residential projects.

REQUIREMENTS

• 8+ years of experience in GRC, information security, or audit & compliance roles.
• 3+ years of management or leadership experience within GRC or a related discipline.
• Bachelor’s degree in Information Technology, Cybersecurity, or related field required; Master’s preferred. Equivalent experience may be considered.
• Relevant certifications preferred, including CISSP, CISM, CRISC, CMMC Certified Assessor (CCA), or NIST CSF Lead Implementer (must be current or obtained within 12 months).
• Strong understanding of regulatory and compliance requirements, including ITAR/EAR, CCPA/CPRA, NIST 800-171, NIST CSF, CIS Critical Controls, PCI DSS, and HIPAA.
• Experience drafting and implementing compliance policies, managing risk registers, and administering GRC tools.
• Hands-on experience in enterprise, cloud, and IoT hybrid environments with strong technical understanding of systems and controls.
• Proven ability to evaluate risks, audit systems, and identify business control gaps.
• Strong analytical and reporting skills, with knowledge of statistics and data-driven decision-making.
• Exceptional communication skills, with the ability to translate technical details into business insights for diverse stakeholders.
• High level of integrity, confidentiality, and professionalism, capable of handling sensitive projects in a fast-paced environment.

SOME THINGS YOU SHOULD KNOW

• Our clients and projects are nationwide.
• No other builder can offer the collaborative design-build approach that Clayco does.
• We work on creative, complex, award-winning, high-profile jobs.
• The pace is fast!
• This position is classified as a safety-sensitive role in accordance with applicable state and federal laws.
• Candidates selected will be subject to a comprehensive background check, including mandatory drug testing.

THE ROLE WE WANT YOU FOR

Under the direction of the Chief Information Security Officer (CISO), the Governance, Risk Management, and Compliance (GRC) Manager is a process-oriented, risk-focused leadership role that ensures all risk exposure to Clayco’s information assets is identified, documented, communicated, and treated to an acceptable level across the organization.
This role will also oversee the GRC team’s efforts to educate employees on emerging threats, risk awareness, and appropriate responses, including simulated testing to measure effectiveness and retention. The GRC Manager will regularly evaluate operating environments, processes, capabilities, and controls to ensure compliance with Clayco policies, adopted frameworks and standards, and applicable laws, regulations, and contractual obligations.

THE SPECIFICS OF THE ROLE

• Ensures all identified risks, vulnerabilities, non-compliance issues, and misconfigurations are captured, assessed, prioritized, and communicated in a timely and effective manner.
• Manages and contributes to the Enterprise Risk Register, documenting risk statements, quantifying impact, and tracking mitigation plans with regular reporting to leadership.
• Oversees and maintains the Controls Catalog, aligning control objectives with adopted frameworks, standards, and regulatory requirements.
• Leads Third-Party Risk Management (TPRM), evaluating vendor risk, maintaining vendor assessments, and ensuring appropriate risk treatment.
• Performs analysis, benchmark testing, monitoring, and audits of production systems and services to ensure compliance with policies, regulations, and contractual requirements.
• Monitors and reports on remediation performance metrics and escalates inadequate responses as needed.
• Manages the Security Awareness Program, including online training, phishing simulations, and cybersecurity engagement events.
• Coordinates external audits and assessments, gathering and submitting required documentation and artifacts.
• Identifies and reports findings, trends, and risks that require updates to policies, procedures, or controls.
• Collaborates cross-functionally with IT teams, business stakeholders, and leadership to embed risk management into organizational processes.
• Stays informed on regulatory changes and evolving security frameworks, disseminating updates to appropriate staff and updating policies as needed
• Supports major organizational initiatives to ensure new systems and services align with compliance requirements and Clayco standards.