Governance, Risk, & Compliance Manager

Job Description

About the Role: Fragomen, an AM Law 100 Firm and the leading global immigration services provider, is seeking to candidates for a critical role in data privacy and security. At Fragomen, data privacy and security are more than obligations — they’re strategic priorities and differentiators in a competitive global market. We're seeking a Governance, Risk & Compliance (GRC) Manager who is passionate about security and privacy, deeply knowledgeable in global regulatory frameworks, and capable of driving a proactive, risk-aware culture across the firm.

As the GRC Manager, you will lead and develop a team of compliance analysts and GRC experts, while building a robust and scalable risk management framework. You will be responsible for identifying, evaluating, and mitigating security, privacy, operational, and third-party risks — and for clearly communicating those risks to leadership and clients.

The ideal candidate brings a strategic mindset, strong leadership and organizational skills, and deep expertise in risk identification and mitigation across complex environments. You’ll collaborate with global teams to ensure GRC initiatives are tightly aligned with business objectives and evolving regulatory requirements.

How will you make a difference as a GRC Manager at Fragomen?

• Lead, mentor, and grow a team of compliance analysts and GRC professionals. Provide strategic direction, technical guidance, and foster a culture of continuous improvement.
• Develop and operationalize a risk management program that proactively identifies, assesses, and mitigates organizational and third-party risks, with clear alignment to business priorities.
• Design and manage a comprehensive GRC framework, including risk assessments, controls implementation, and governance practices.
• Partner with Information Security, IT, Privacy, Audit, and Legal to build a unified view of the firm’s security and data privacy posture and convey that view to clients and stakeholders.
• Align data privacy and security policies with day-to-day operations and drive the execution of GRC initiatives across all business units.
• Establish KPIs and dashboards to monitor risk levels, compliance progress, and the effectiveness of controls; regularly report key risk insights to senior leadership and the Risk Committee.
• Conduct Data Privacy Impact Assessments (DPIAs), maintain a central risk register, and oversee the mitigation of identified gaps across people, process, and technology.
• Ensure ongoing adherence to industry standards (e.g., ISO 27001, SOC 2, PCI DSS, NIST) by maintaining audit-ready documentation and leading evidence-gathering activities.

Leverage your valuable skills and experience to make an impact at Fragomen:

• 7+ years of experience in governance, risk, and compliance (GRC), risk management, or information security
• Demonstrated experience leading risk management initiatives and teams
• Professional certifications such as CISA, CISSP, CIA, or similar strongly preferred
• Deep knowledge of global security and privacy frameworks, including ISO 27001, SOC 2, PCI DSS, NIST 800 series, EU GDPR, and related regulatory regimes
• Strong analytical and communication skills with the ability to translate complex risks into actionable strategies for business and technical stakeholders
• Excellent organizational and project management skills, with attention to detail and an ability to manage multiple priorities
• Experience working with cross-functional, global teams and third-party vendors

Benefits:

At Fragomen, we know that great people make a great organization. We value our people and offer employees a broad range of benefits which includes:

• 22 PTO days + Federal holidays
• Medical, Dental, and Vision plans + FSA & HSA Plans
• 401K plan, with company matching

Learn More About Fragomen:

Please take time to read About Us, explore the Meaningful and Impactful Work we do for our clients, and review the standard Benefits we offer. You can find all the material to the right of this page.

Compensation:

The salary range for this role takes into account many factors that are considered in making compensation decisions including but not limited to the individual’s skills, experience, qualifications, work location, work arrangement, licensure and certifications, and applicable laws. It is not typical for an individual to be hired at the top end of the range for their role and compensation decisions are dependent on the factors noted.

A reasonable and good-faith estimate of the current salary range for individuals able to work a hybrid schedule in the office locally is:

$114,000.00 - $152,000.00

You may also be eligible to take advantage of our benefits offering, 401K, and paid time off plans.

All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.