Job Description
About the Role: Fragomen, an AM Law 100 Firm and the leading global immigration services provider, is seeking candidates for a critical role in data privacy and security. At Fragomen, data privacy and security are more than obligations — they’re strategic priorities and differentiators in a competitive global market. We're seeking a Governance, Risk & Compliance (GRC) Manager who is passionate about security and privacy, deeply knowledgeable in global regulatory frameworks, and capable of driving a proactive, risk-aware culture across the firm.
As the GRC Manager, you will lead and develop a team of compliance analysts and GRC experts, while building a robust and scalable risk management framework. You will be responsible for identifying, evaluating, and mitigating security, privacy, operational, and third-party risks — and for clearly communicating those risks to leadership and clients.
The ideal candidate brings a strategic mindset, strong leadership and organizational skills, and deep expertise in risk identification and mitigation across complex environments. You’ll collaborate with global teams to ensure GRC initiatives are tightly aligned with business objectives and evolving regulatory requirements.
How will you make a difference as a GRC Manager at Fragomen?
- Lead, mentor, and grow a team of compliance analysts and GRC professionals. Provide strategic direction, technical guidance, and foster a culture of continuous improvement.
- Develop and operationalize a risk management program that proactively identifies, assesses, and mitigates organizational and third-party risks, with clear alignment to business priorities.
- Design and manage a comprehensive GRC framework, including risk assessments, controls implementation, and governance practices.
- Partner with Information Security, IT, Privacy, Audit, and Legal to build a unified view of the firm’s security and data privacy posture and convey that view to clients and stakeholders.
- Align data privacy and security policies with day-to-day operations and drive the execution of GRC initiatives across all business units.
- Establish KPIs and dashboards to monitor risk levels, compliance progress, and the effectiveness of controls; regularly report key risk insights to senior leadership and the Risk Committee.
- Conduct Data Privacy Impact Assessments (DPIAs), maintain a central risk register, and oversee the mitigation of identified gaps across people, process, and technology.
- Ensure ongoing adherence to industry standards (e.g., ISO 27001, SOC 2, PCI DSS, NIST) by maintaining audit-ready documentation and leading evidence-gathering activities.
Leverage your valuable skills and experience to make an impact at Fragomen:
- 7+ years of experience in governance, risk, and compliance (GRC), risk management, or information security
- Demonstrated experience leading risk management initiatives and teams
- Professional certifications such as CISA, CISSP, CIA, or similar strongly preferred
- Deep knowledge of global security and privacy frameworks, including ISO 27001, SOC 2, PCI DSS, NIST 800 series, EU GDPR, and related regulatory regimes
- Strong analytical and communication skills with the ability to translate complex risks into actionable strategies for business and technical stakeholders
- Excellent organizational and project management skills, with attention to detail and an ability to manage multiple priorities
- Experience working with cross-functional, global teams and third-party vendors
Benefits:
At Fragomen, we know that great people make a great organization. We value our people and offer employees a broad range of benefits which includes:
- 22 PTO days + Federal holidays
- Medical, Dental, and Vision plans + FSA & HSA Plans
- 401K plan, with company matching
Learn More About Fragomen:
Please take time to read About Us, explore the Meaningful and Impactful Work we do for our clients, and review the standard Benefits we offer. You can find all the material to the right of this page.
Compensation:
The salary range for this role reflects a variety of factors considered in compensation decisions, including but not limited to an individual’s skills, experience, qualifications, work location, work arrangement, licensure and certifications, and applicable laws. Placement within the range will vary based on these factors, and compensation decisions are made to ensure internal equity and alignment with market data.
A reasonable and good-faith estimate of the current salary range for individuals able to work a hybrid schedule in the office locally is:
$114,000.00 - $152,000.00
You may also be eligible to take advantage of our benefits offering, 401K, and paid time off plans.
All offers and/or employment contracts are contingent upon the successful completion of the Firm’s pre-employment screening process. This process may include verifying the candidate’s identity, confirming legal authorization to work in the offered position's location, and conducting a comprehensive background check, where permitted by local regulations.