Job Description
Build the program. Own the outcome. Shape what comes next.

Savant is hiring a GRC Lead to design, build, and own our governance, risk, and compliance program from the ground up. This is not a maintenance role. There’s no inherited framework to “optimize” and no playbook sitting on a shelf. Instead, this is a rare opportunity for a seasoned GRC professional to step into full ownership — setting the foundation for how Savant manages security, risk, and regulatory obligations as we continue to grow.

If you enjoy turning complex regulatory expectations into practical, enforceable programs — and you want real accountability rather than advisory influence — this role was built for you.

Why This Role Is Different

- True ownership. You’ll own Savant’s GRC operating model end‑to‑end, including governance, controls, escalation, and program maturity.
- Greenfield build. You’ll design the framework, not inherit someone else’s.
- Business‑first mindset. This role sits at the intersection of technology, compliance, and leadership — translating risk into clear, actionable decisions.
- Long runway. As Savant scales, this role grows with it — including future leadership opportunities.

What You’ll Do

You’ll be responsible for building and operating the firm’s GRC program, partnering closely with IT, Security, Compliance, Legal, HR, and executive leadership.
Key areas of ownership include:

- Designing and implementing governance strategies, security policies, standards, and procedures aligned with regulatory obligations
- Mapping and operating against frameworks such as SEC, SOC 2, NIST (HIPAA and/or HITRUST experience is also valued)
- Owning control design, effectiveness, testing, and ongoing monitoring
- Leading third‑party and vendor risk management programs
- Monitoring and enforcing vulnerability management and remediation efforts
- Supporting audits, regulatory exams, and security questionnaires with confidence and clarity
- Turning technical risk into business‑level reporting leadership can actually use
- Building maturity over time — prioritizing what matters most and sequencing the rest

How You’ll Work

- Work model: Primarily remote, with flexibility to meet in person at regional offices as needed
- Location focus: Chicagoland / driving distance to Savant offices
- Cadence: Autonomy‑heavy, ownership‑driven, with close collaboration early on

This role introduces structure and discipline across the organization, so success depends on strong influence, communication, and judgment — not an authoritarian approach.