Governance, Risk, & Compliance Manager

Job Description

About the Role : Fragomen, an AM Law 100 Firm and the leading global immigration services provider, is seeking to candidates for a critical role in data privacy and security. At Fragomen, data privacy and security are more than obligations - they're strategic priorities and differentiators in a competitive global market. We're seeking a Governance, Risk & Compliance (GRC) Manager who is passionate about security and privacy, deeply knowledgeable in global regulatory frameworks, and capable of driving a proactive, risk-aware culture across the firm.

As the GRC Manager, you will lead and develop a team of compliance analysts and GRC experts, while building a robust and scalable risk management framework. You will be responsible for identifying, evaluating, and mitigating security, privacy, operational, and third-party risks - and for clearly communicating those risks to leadership and clients.

The ideal candidate brings a strategic mindset, strong leadership and organizational skills, and deep expertise in risk identification and mitigation across complex environments. You'll collaborate with global teams to ensure GRC initiatives are tightly aligned with business objectives and evolving regulatory requirements.

How will you make a difference as a GRC Manager at Fragomen?

• Lead, mentor, and grow a team of compliance analysts and GRC professionals. Provide strategic direction, technical guidance, and foster a culture of continuous improvement.
• Develop and operationalize a risk management program that proactively identifies, assesses, and mitigates organizational and third-party risks, with clear alignment to business priorities.
• Design and manage a comprehensive GRC framework, including risk assessments, controls implementation, and governance practices.
• Partner with Information Security, IT, Privacy, Audit, and Legal to build a unified view of the firm's security and data privacy posture and convey that view to clients and stakeholders.
• Align data privacy and security policies with day-to-day operations and drive the execution of GRC initiatives across all business units.
• Establish KPIs and dashboards to monitor risk levels, compliance progress, and the effectiveness of controls; regularly report key risk insights to senior leadership and the Risk Committee.
• Conduct Data Privacy Impact Assessments (DPIAs), maintain a central risk register, and oversee the mitigation of identified gaps across people, process, and technology.
• Ensure ongoing adherence to industry standards (e.g., ISO 27001, SOC 2, PCI DSS, NIST) by maintaining audit-ready documentation and leading evidence-gathering activities.

Leverage your valuable skills and experience to make an impact at Fragomen :

Benefits :

At Fragomen, we know that great people make a great organization. We value our people and offer employees a broad range of benefits which includes :

Learn More About Fragomen :

Please take time to read About Us, explore the Meaningful and Impactful Work we do for our clients, and review the standard Benefits we offer. You can find all the material to the right of this page.

Compensation :

The salary range for this role reflects a variety of factors considered in compensation decisions, including but not limited to an individual's skills, experience, qualifications, work location, work arrangement, licensure and certifications, and applicable laws. Placement within the range will vary based on these factors, and compensation decisions are made to ensure internal equity and alignment with market data.

A reasonable and good-faith estimate of the current salary range for individuals able to work a hybrid schedule in the office locally is :

$114,000.00 - $152,000.00

You may also be eligible to take advantage of our benefits offering, 401K, and paid time off plans.

All offers and / or employment contracts are contingent upon the successful completion of the Firm's pre-employment screening process. This process may include verifying the candidate's identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.