• IT Governance, Risk, and Compliance (GRC) Manager

    Job Location USA-FL-Tampa
    Posted Date 2 months ago (4/11/2018 2:04 PM)
  • Summary

    Our vision is to be the best provider of building products in the eyes of our customers, employees, shareholders, suppliers and communities.

    At Masonite, we understand that people are key. We are a composite of diverse people who come together by showing support and respect to one another.

    We hire people that demonstrate integrity under pressure. Integrity is at the foundation of everything we do. It is in each door we make, in our commitment delivery and in our honest and sincere communication.

    Our employees are flexible, versatile and resilient. Our ability to weather any storm, to bend without breaking, is what allows us to hear the knock and open the door with confidence, no matter what's on the other side.

    At Masonite, we hold the door open for each other and for new ideas. We want everyone to freely contribute ideas and add value, so we are positive and encouraging. This collaborative environment is what makes Masonite a transparent, fair company, one that doesn't hide behind closed doors.

    We continuously strive to improve both our products and our customers' experiences. This drive leads us to revolutionize the door industry and help people walk through walls.


    The Governance, Risk, and Compliance Manager is responsible for assessing and documenting Masonite’s IT compliance and risk posture as they relate to its information assets. The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management and compliance programs. This individual will also be responsible for managing risk, compliance, and the IT relationships with internal and external audit partners.





    • Operate with a high degree of independence with regard to audit and project management activities, including development of compliance and audit remediation plans. 
    • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.



    • Lead the development and implementation of the system-wide risk management function of the IT department to ensure risks are identified and monitored.
    • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company’s information and technology systems.


    • Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
    • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
    • Execute strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors. SOX experience required.


    • Interact in both oral and written communications with all levels of staff including management, executives, auditors, accounting, and all IT staff and vendors/contractors, in matters related to IT risk, compliance, and audit requirements and remediation.


    • Work with Internal and External Audit, and outside consultants as appropriate, on required security assessments and audits.
    • Coordinate and track all information technology and security related audits including scope of audits, timelines, remediation, and outcomes. Work with auditors as appropriate to keep audit focus in scope. Provide guidance, evaluation and advocacy on audit responses.

    Problem-Solving Skills

    • Assess computer hardware, software, and systems for security risks or violations and work with IT staff and technology vendors to recommend solutions. Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
    • Assess the status of complex multi-location, international projects, and identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.

    Contingency planning (Disaster Recovery/Business Continuity)

    • Lead efforts to mature disaster recovery and business continuity functions of business critical systems and underlying infrastructure. 
    • Manage and execute annual DR/BCP testing to ensure critical systems and applications can fail over to the secondary data center.
    • Identify gaps in the DR/BCP program and develop a plan to remediate them in alignment with key business processes and needs.



    • Bachelor’s degree in information technology or other related field
    • 5 years of advanced skills with information security risk management and compliance practices.
    • Knowledge of information security risk management frameworks
    • Ability to develop security standards and guidelines based on best practices and industry standards
    • 3 years of planning and managing security projects
    • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
    • Working knowledge of common security standards and SOX requirements.
    • Skills in documenting risk and compliance activities



