Governance, Risk & Compliance Manager in Atlanta, Georgia at F & I Sentinel Llc

LOCATION: Remote

REPORTS TO: Corporate Counsel

The GRC Manager will operate at the intersection of Legal, IT, Security, and Business Operations, serving as a central point of coordination for governance, risk, and compliance initiatives across the organization. The Governance, Risk & Compliance Manager will work closely with Corporate Counsel to align compliance strategy with regulatory obligations and legal risk considerations.

The GRC Manager partners heavily with IT and Information Security teams to translate technical controls and security frameworks into business-aligned processes and documentation. Collaboration with Product and Engineering may be required to ensure that data handling, system controls, and security practices align with compliance requirements.

In addition, the position supports client-facing teams including Sales, Account Management, and Customer Success by responding to due diligence requests, security questionnaires, and audit inquiries, helping to build trust with lender clients and external stakeholders. The role will also coordinate with Operations and Data functions, to support data quality auditing and integrity initiatives.

Externally, the GRC Manager will interact with third-party auditors, vendors, and client stakeholders to support audits, vendor risk management, and compliance assurance activities.

THE OPPORTUNITY: The GRC Manager will mature and scale the company’s GRC capabilities during a period of growth. This role offers the opportunity to build structure, drive process improvements, and enhance the company’s compliance posture in a highly regulated environment.

The position plays a critical role in establishing and maintaining audit readiness (including SOC 2 Type II), strengthening vendor risk management practices, and improving the efficiency and quality of client-facing due diligence responses. The individual will help translate evolving regulatory and security requirements into actionable, business-aligned controls that support both internal operations and external trust.

This is a highly cross-functional and visible role with the opportunity to influence how compliance, risk, and security practices are operationalized across the organization. The ideal candidate will bring both strategic thinking and hands-on execution, helping F&I Sentinel continue to build credibility with financial institution partners while supporting scalable, sustainable growth.

Specifically, the GRC Manager will have responsibility in:

Audit & Certification

Drive SOC 2 Type II audit readiness end-to-end: evidence collection, auditor coordination, and remediation tracking

Execute internal audit procedures across operations for accuracy, completeness, and compliance

Document audit findings, develop corrective action plans, and track remediation to closure

Maintain GRC documentation including control narratives, procedures, and supporting artifacts for continuous audit readiness

Support BCP, DR, and IR programs, including tabletop exercises and plan testing

Due Diligence & Security Questionnaire Management

Own and optimize the end-to-end Due Diligence Questionnaire (DDQ) response workflow, drafting, reviewing, and delivering responses to security questionnaires, Request For Proposals (RFP), and vendor assessments that build trust with lender clients

Partner with IT, infosec, operations, and leadership to serve as the liaison between technical teams and client-facing engagements

Exercise sound judgment in determining how to frame sensitive topics and how to present the company’s security posture accurately

Develop efficiencies through process improvements, implementation of automation and tools, and standardizing responses

Vendor Risk Management

Manage and continuously improve the vendor risk program, maintaining a current inventory of third-party providers with data access or critical dependencies

Apply and refine risk tiering based on data sensitivity, business impact, and regulatory exposure

Conduct periodic reviews of critical and high-risk vendors; track remediation of findings and ensure contractual compliance

Maintain vendor risk documentation that supports audit readiness and DDQ responses

Risk Management Support

Assist in maintaining the risk register; identify emerging risks and document mitigating controls

Assist with risk assessments; operationalize mitigation strategies and validate controls

Data Quality Auditing

Partner with the Data Analyst to define data quality audit criteria and compliance-focused reporting requirements

Review data quality results for accuracy and completeness; identify and escalate data integrity issues

Design data checks and guardrails that ensure operational data integrity across products

Professional Qualifications:

The following knowledge, skills, education, and experiences are required:

3–6+ years of professional working experience

Hands-on experience with SOC 2 audits, either managing or as a key contributor

Working knowledge of security frameworks such as NIST CSF, ISO 27001, FTC Safeguards Rule, or similar

Proven ability to draft and manage security questionnaire responses for enterprise clients

Strong written communication skills - you will be writing client-facing materials that reflect the company's professionalism

Ability to operate independently, manage multiple workstreams, and escalate appropriately

Comfort working in a fully remote environment with a distributed team

The following knowledge, skills, and experiences are preferred, but not required:

Experience in fintech, insurtech, automotive finance, or another regulated industry

Familiarity with F&I (Finance & Insurance) products or the automotive dealer ecosystem is a strong plus

Exposure to vendor/third-party risk management programs

Understanding of basic data privacy requirements (CCPA, state privacy laws)

Experience with data quality analysis and reporting tools

Bachelor's degree in Information Systems, Business, Accounting, Risk Management, or a related field; relevant certifications such as CISA, CRISC, or GRCP are a plus

Why Consider Joining FIS now?

The business is poised for accelerated growth with increasing demand from financial institutions and regulatory scrutiny creating a strong need for scalable GRC capabilities

Opportunity to build and shape foundational GRC processes and programs, rather than inherit a fully mature system

High visibility role with direct impact on client trust, audit outcomes, and enterprise risk posture

Exposure to a unique intersection of fintech, automotive finance, and regulatory compliance

Collaborative, cross-functional environment with access to leadership and influence on strategic decisions

Hybrid/remote culture offering flexibility and autonomy

Competitive compensation and benefits, with opportunity for growth as the company scales

The following behaviors are required:

Ownership mindset: takes full accountability for outcomes, follows through, and proactively addresses gaps

Detail-oriented and quality-driven: maintains high standards for documentation, accuracy, and audit readiness

Sound judgment and discretion: handles sensitive security and compliance information appropriately

Strong written communicator: translates complex technical and regulatory concepts into clear, client-ready language

Cross-functional collaborator: builds trust and works effectively across Legal, IT, Security, and business teams

Process-oriented and disciplined: creates repeatable, scalable workflows and continuously improves them

Risk-aware and pragmatic: balances regulatory requirements with business practicality and speed

Self-directed and organized: manages multiple priorities independently in a remote environment

Continuous learner: stays current on evolving regulations, frameworks, and industry best practices

Problem-solver: identifies root causes, proposes solutions, and drives issues to resolution

Client-focused: understands the importance of external trust and represents the company professionally in due diligence interactions

Adaptable and resilient: operates effectively in a growing, evolving organization with shifting priorities.

F&I Sentinel is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status, or other characteristics protected by law.