Benefits Start Day 1 for Full-Time Colleagues - No Waiting Period! For more information about our benefits, see below! We are proud to be a member of the Rentokil family of companies, the global leader in Pest Control and other services across more than 90 countries. We pride ourselves on being a trusted partner to many of the world's leading brands and serve consumer and business customers across multiple industries. We are extremely proud of our legacy of excellence and constantly work to fulfill our mission to "protect people, enhance lives, and preserve the planet." Overview The Head of GRC (Governance, Risk & Compliance) for North America is responsible for the strategic execution of regulatory compliance and risk management frameworks. Reporting directly to the NA CIO, this leader owns the regional risk posture and ensures that North American operations are fully aligned with global standards while meeting stringent local mandates. This role is the primary custodian of IT General Controls, SOX, and PCI-DSS governance, ensuring the business remains audit-ready and resilient against emerging threats. Duties & Responsibilities Core Governance & Strategic Oversight - Master Risk Accountability: Own and manage the central North American repository for all IT Audit, Risk, and Compliance actions. Drive the end-to-end accountability loop to ensure findings are not just identified, but remediated on schedule. - Best-in-Class ITGC Program: Lead the development, execution, and continuous maturation of a "best-in-class" IT General Controls (ITGC) program, ensuring proactive mitigation of financial, operational, and cyber risks. - Global Standard Influence: Actively shape best practices and standards by ensuring North America’s unique regulatory and operational perspectives are integral to the Group strategic direction. - Audit Interface Leadership: Serve as the primary, authoritative interface for all third-party auditors, Group Internal Audit, and regulatory bodies (PCI, SOX). Ensure a globally consistent audit approach and maintain absolute transparency in reporting. - Enterprise Risk Integration: Direct the identification, assessment, and prioritization of IT and Cyber risks, ensuring they are quantified and seamlessly integrated into the broader North American Enterprise Risk Management (ERM) framework. Regulatory & Compliance Ownership - PCI-DSS & SOX Custodian: Own end-to-end regional compliance for PCI-DSS (Payment Card Industry) and SOX (Sarbanes-Oxley). Ensure all financial and payment systems meet strict audit requirements without exception. - Policy Enforcement: Localize and execute the global cyber security roadmap. Establish regional policies that bridge the gap between global requirements and local North American legal/mandated requirements. - Security Service Transition: Own the security "gatekeeping" process for new technology. Ensure that any new business tool or system undergoes rigorous security testing and risk assessment before entering the production environment. Cyber Security Operations & Resilience - Incident Leadership: Serve as the lead coordinator for security incident response (IR). Own the communication bridge between technical containment teams and executive leadership (Legal, Finance, HR). - Executive Resilience Testing: Plan and execute regular tabletop activities and simulations for Executive Leadership Team (ELT) members to test and mature incident response capabilities. - Cross-Functional Posture Improvement: Coordinate proactively with technology and business teams to improve the overall security posture and drive measurable risk reduction across the North American region. - Field Education & Awareness: Drive a targeted field education strategy to build awareness and understanding of current risks and vulnerabilities among all relevant operational teams. - Threat & Vulnerability Oversight: Manage the regional vulnerability management program. Use the "Master Risk Register" to force-rank and drive the patching of critical infrastructure. - Security Culture & Awareness: Design and lead regional security training programs to foster a "security-first" culture, moving beyond compliance check-boxes to behavioral change. - Third-Party Risk Management: Oversee the security evaluation of all regional third-party vendors and partners to mitigate supply chain risks. Candidate Requirements Education Bachelor’s Degree (Required): Typically in Computer Science, Information Technology, Cybersecurity, or a related STEM field. Experience - Experience: 12+ years of progressive experience in Cyber Security, Information Security, or IT Risk Management. - Compliance Expertise: Proven track record of managing PCI-DSS (Level 1 or 2 environments) and SOX ITGC frameworks in a complex corporate setting. - Leadership: Minimum of 5 years in a senior leadership role managing multi-disciplinary security teams. Skills & Competencies - Technical Depth: Deep understanding of network security, cloud security (AWS/Azure/GCP), and encryption standards. - Certifications: (Preferred) CISSP, CISM, CISA, or PCIP. - Soft Skills: Exceptional ability to communicate technical risks to non-technical stakeholders (Legal, Finance, Executive Board). Physical Demands and Working Conditions (do not edit) The physical demands are representative of those that must be met by an employee to perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Incumbent must be prepared to: - Move up to 10 pounds occasionally, by lifting, carrying, pushing, pulling, or otherwise repositioning objects. - Sitting for long periods of time while using office equipment such as computers, phones and etc. - Performing repetitive motions involving the wrists, hands, and fingers, such as typing, picking, and pinching, within your regular work environment. - Express or exchange ideas with others through the use of spoken word, quickly, accurately, and at an easily audible volume, and receive detailed information through oral communication at usual speaking levels without correction, and/or make fine discriminations in the nature of sounds in the environment. Incumbent is required to have: - Near-range visual acuity for detailed tasks and ability to perform activities with precision such as analyzing data, viewing computer screens or reading extensively. Incumbent will be subject to: - Inside working conditions: The change of building environment such as with or without air conditioning and heating. Our companies are proud to be Affirmative Action (AA) and Equal Opportunity Employers (EOE) inclusive of veterans and those with disabilities. Disclaimer The above statements are intended to describe the general nature and level of work being performed by colleagues assigned to this position. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of colleagues so classified. All colleagues may be required to perform duties outside of their normal responsibilities from time to time, as needed. Why Choose Us? A career with the Rentokil family of companies can be a professional trajectory filled with opportunity. We pride ourselves on being a world-class team that rewards high performance, and we love to promote from within. We offer competitive pay and many of our roles offer performance incentives. Below you'll find information about some of what we have to offer. All Full-Time Colleagues qualify for the following and Part-Time Colleagues qualify for most benefits after they meet certain criteria. Click here to read more about our Total Rewards Program which includes:  Professional and Personal Growth - Multiple avenues to grow your career - Training and development programs available - Tuition Reimbursement benefits (for FT Colleagues) Health and Wellness - Full-time colleagues are eligible to begin enrollment immediately upon hire with benefits starting on day 1 - Health benefits including Medical, Dental, Vision, Disability, and Life Insurance plus much more Savings and Retirement - 401(k) retirement plan with company-matching contributions Work-Life Balance - Vacation days & sick days - Company-paid holidays & floating holidays - A company mindset that prioritizes health, safety, and flexibility We are looking for individuals who want to make a difference where our customers live and work.  Is that you? This company is a Drug Free workplace. Rentokil is committed to complying with all Federal, State, and local laws related to the employment of qualified individuals with disabilities. California residents click here to review your privacy rights. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. By applying to this job, you agree to receive initial texts from systems used on behalf of Rentokil North America, Inc., possibly including Workday, Loop, and HireVue. These systems utilize text messages to communicate with you throughout the application, interview, and pre-hire processes. You can set your communication preferences or opt out of text messages from each system at any time following the initial message. Message and data rates may apply.