About The Opportunity
The GRC Program Manager Sr. is accountable for the end-to-end ownership of Dayforce's global internal Governance, Risk, and Controls (GRC) process and technology operating model, ensuring scalable, well-integrated, and effective enablement of governance, enterprise risk, internal controls, and assurance programs. Reporting to the Senior Director, Enterprise Risk Management, this role serves as the senior business owner for global GRC platforms and associated processes, with responsibility for defining and continuously optimizing process design, functional requirements, data standards, and reporting capabilities across ICFR, ISO-aligned controls, trust and assurance programs, and enterprise risk management activities.
The role independently leads complex, cross-functional, global initiatives spanning GRC process design, platform assessments, vendor selection and management, implementations, integrations, and major enhancements. It resolves diverse and often ambiguous requirements by applying structured analysis and sound judgment, balancing control and assurance objectives, stakeholder priorities, and technology constraints. The GRC Program Manager advises ERM and company leadership on platform and process tradeoffs, recommends scalable solutions, and drives adoption and continuous improvement to strengthen control effectiveness, audit readiness, and risk visibility across the organization.
What You'll Get To Do
- Own the end-to-end GRC process and technology operating model for internal controls, assurance, and trust-related activities, ensuring scalable, standardized, and auditable execution across the enterprise.
- Lead the design, documentation, and continuous optimization of internal GRC workflows and supporting artifacts (processes, procedures, control narratives, evidence standards), applying professional judgment to improve effectiveness, efficiency, and consistency.
- Serve as the senior business owner for internal GRC platforms, accountable for functional governance, platform capability alignment, and operational performance, in partnership with Technology and Engineering teams.
- Independently lead complex, cross-functional requirement discovery and solution design, resolving ambiguous or conflicting stakeholder needs through structured analysis, risk-based prioritization, and documented decisioning.
- Define and maintain enterprise GRC data and process standards, including control mappings, taxonomies, evidence requirements, and reporting definitions to support ICFR, ISO-aligned controls, trust and assurance programs, and ERM activities.
- Advise ERM leadership and senior stakeholders on platform and process tradeoffs, control coverage implications, and implementation sequencing; influence outcomes through persuasion and expertise in a matrixed environment.
- Lead platform assessments and evaluations to identify technology options that best support current and future GRC needs; develop evaluation criteria, facilitate stakeholder scoring, and recommend best-fit solutions based on capability, risk, and scalability.
- Own vendor engagement for GRC technology enablement, including requirements definition, solution reviews, implementation planning, delivery governance, and performance monitoring to ensure outcomes meet business and control objectives.
- Direct end-to-end delivery of implementations, upgrades, and major enhancements, ensuring solutions align with defined requirements, control obligations, and timelines; work is managed independently and reviewed at critical milestones.
- Review and approve functional designs, configurations, and integrations to ensure alignment with internal control requirements, process intent, audit expectations, and enterprise data standards.
- Drive the integration strategy between GRC platforms and enterprise systems to improve automation, data quality, traceability, and reporting reliability for assurance and control testing cycles.
- Establish and maintain platform governance, documentation, and user guidance, including standards for platform use, role-based workflows, evidence quality, and reporting practices.
- Lead change management and adoption for GRC platforms, including stakeholder readiness, training enablement, communications, and practical guidance to improve consistent execution across global teams.
- Monitor and report on platform effectiveness and adoption, using defined KPIs (e.g., workflow utilization, evidence completeness/quality, cycle time, reporting accuracy); identify root causes and lead remediation plans.
- Identify and drive opportunities to standardize, streamline, and automate GRC processes through technology, applying sophisticated problem-solving to address non-routine issues and improve control outcomes.
- Own and maintain the GRC technology roadmap (including sequencing and prioritization of initiatives), aligning investments to risk exposure, assurance needs, audit outcomes, and enterprise scalability requirements.
- Ensure ongoing compliance and alignment of GRC platforms and processes with internal policies, governance standards, and professional practices; escalate and resolve exceptions and control process gaps with appropriate stakeholders.
Skills And Experience We Value
- Bachelor's degree in Business, Information Systems, Computer Science, Risk Management, or a related discipline (or equivalent practical experience).
- Preferred: relevant professional qualifications or certifications (e.g., CPA, CMA, CIA, CISA, CRISC, CISM), or equivalent demonstrated expertise.
- Minimum 6–8 years of progressive experience in GRC, enterprise risk management, internal controls (ICFR/SOX), assurance, audit, or closely related disciplines, with demonstrated ownership of program/process or platform outcomes.
- Demonstrated journey-level expertise in GRC principles and practices, with the ability to assess non-routine situations, identify root cause, and apply sound judgment to recommend practical, scalable solutions.
- Proven experience independently leading diverse, cross-functional initiatives (process design, platform enhancements, integrations, adoption), operating effectively with limited precedent and competing stakeholder priorities.
- Demonstrated ability to influence and align senior stakeholders in a matrixed environment through structured analysis, clear recommendations, and effective communication (influence without direct authority).
- Strong analytical, problem-solving, and prioritization capabilities, including the ability to evaluate tradeoffs between control effectiveness, audit/assurance requirements, user experience, and technology constraints.
- Strong written and verbal communication skills, including producing executive-ready summaries, business cases, process documentation, and functional requirements.
- Strong command of governance, risk, and internal control frameworks and operating practices, including enterprise risk management, ICFR/SOX concepts, and ISO-aligned control models; working knowledge of assurance/audit lifecycle and evidence standards.
- Hands-on experience with enterprise GRC platforms or workflow-based systems (e.g., ServiceNow GRC, RSA Archer, AuditBoard, OneTrust), including configuration and enablement of common GRC capabilities (risk registers, control libraries, workflow automation, issue/deficiency management, evidence collection, reporting).
- Examples may include ServiceNow GRC, RSA Archer, MetricStream, AuditBoard, OneTrust, Workiva, or similar platforms.
- Demonstrated experience translating business and control requirements into functional specifications, process flows, control mappings, and reporting requirements suitable for implementation by Technology/Engineering teams.
- Experience supporting or leading platform implementations and major enhancements, including requirements discovery, UAT planning/execution, release governance, and post-implementation optimization.
- Experience with technology evaluation and vendor selection processes, including development of evaluation criteria, stakeholder scoring facilitation, and recommendation of best-fit solutions.
- Working knowledge of integration concepts (data mapping, interfaces/APIs, automation opportunities) and partnering with technical teams to improve data quality, traceability, and reporting reliability.
- Proficiency with collaboration and documentation tools (e.g., Teams, SharePoint, Confluence) and common project delivery tools (e.g., Jira, Azure DevOps, Smartsheet or similar).
- Strong program ownership mindset with accountability for outcomes and continuous improvement.
- Ability to bridge risk, control, and technology perspectives, translating program needs into system-enabled solutions.
- Structured, detail-oriented, and disciplined in approach to execution and delivery.
- Effective stakeholder management skills with the ability to influence and coordinate across multiple functions.
- Comfortable operating in environments with evolving requirements and competing priorities.
- Demonstrates professionalism, discretion, and integrity when handling sensitive risk and control information.
- Aligns with Dayforce's Our Way Values: Equity, Shared Ambition, Agility, Optimism, Transparency, and Customer Focus.
Work Environment And Expectations
- Operates effectively in virtual, hybrid, and global team environments.
- Performs work primarily in a professional or home-office setting, involving computer-based and collaborative activities.
- Works a late mid-shift schedule to support collaboration with global stakeholders and technology teams.
- Works independently based on vision, objectives and principles, demonstrating sound judgment and accountability for deliverables.
- Expected to lead and facilitate cross-functional sessions (requirements workshops, design reviews, governance forums, implementation checkpoints) and communicate decisions, tradeoffs, and impacts with clarity and professionalism.
- Maintains a high standard of discretion and confidentiality when handling sensitive risk, controls, audit, and vendor information.
- Manages multiple concurrent initiatives with competing priorities; remains effective in environments with evolving requirements and limited precedent.
- May be required to work extended hours during key implementation phases, major platform initiatives, audit/assurance cycles, or critical remediation efforts to meet enterprise timelines.
- Represents Enterprise Risk Management with credibility and professionalism in meetings with senior stakeholders and external partners.