Cybersecurity Program & GRC Manager

CubeSmart
Malvern, PA
64d
Onsite

About The Position

CubeSmart is hiring a Cybersecurity Program & GRC Manager to join our Information Technology team at our Malvern, PA headquarters. This role will drive the structure and sustainability of CubeSmart's cybersecurity and compliance program by leading initiatives that strengthen audit readiness, ensure adherence to frameworks such as PCI DSS and SOX, and establish scalable governance and risk management practices. Working cross-functionally with IT, Operations, Finance, and external partners, this teammate will serve as the central coordination point for compliance, audit, and cybersecurity program activities, transforming security operations and controls into an organized, well-documented, and continuously improving program. This position is ideal for a cybersecurity professional who thrives on building structure, driving cross-functional alignment, and advancing the maturity of an evolving security program.

Who we are: At CubeSmart, we're intentional about culture. You can experience it everywhere from our mission statement of "genuine care" to our "It's What's Inside That Counts" tagline to calling each other "teammates" rather than employees. This spirit fosters a fun and collaborative environment that has resulted in our rapid growth and being recognized amongst the top in our industry. CubeSmart's award-winning team is made up of people who genuinely care. Teammates care about our customers and the life events and/or business needs they are facing. Teammates are passionate, responsible and understanding. The CubeSmart team is made up of people who have a can-do attitude, are committed to their own success and the success of the company, and lead by example. If this sounds like a team and culture that matches your personal values and motivations, we want to hear from you.

Requirements

  • Bachelor's degree in Information Security, Information Technology, Accounting, or a related field.
  • Minimum of 5-8 years of experience in IT security, compliance, or audit roles, preferably with a focus on PCI DSS and SOX compliance.
  • Demonstrated experience managing audit programs, control testing, and risk assessments.
  • Experience creating and maintaining governance documentation, risk registers, and program dashboards.
  • Strong understanding of PCI DSS and SOX compliance frameworks, IT General Controls (ITGCs), and control design principles.
  • Working knowledge of risk management, audit methodologies, and governance frameworks (e.g., CIS Controls, NIST CSF).
  • Familiarity with compliance management and reporting tools, and the ability to synthesize technical, risk, and audit information into clear, actionable reporting for both technical and business audiences.
  • Strong project management and organizational skills; able to manage multiple priorities and deadlines effectively.
  • Excellent written and verbal communication skills, capable of influencing and collaborating across technical and business teams.
  • Collaborative mindset and strong interpersonal skills, fostering productive relationships across departments.
  • High attention to detail, accountability, and ownership of outcomes.

Nice To Haves

  • Relevant security or audit certification (e.g., CISA, CISM, CRISC, CISSP) preferred.
  • Prior involvement with third-party risk management or data governance programs preferred.
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)

Responsibilities

  • Develop and maintain cybersecurity program documentation, dashboards, and reporting to track initiatives, risks, and control effectiveness.
  • Maintain the enterprise security risk register, mapping risks to frameworks such as CIS Controls, PCI DSS, and SOX.
  • Coordinate internal governance activities including policy reviews, control ownership assignments, and leadership reporting.
  • Track and report remediation of control gaps, audit findings, and risk mitigation actions.
  • Develop and maintain program metrics and maturity roadmaps.
  • Lead day-to-day coordination of PCI DSS and SOX compliance efforts, partnering with IT, Accounting, and both internal and external auditors.
  • Organize and maintain evidence repositories to support control validation and external audits.
  • Coordinate and document control testing, ensuring consistency and traceability across compliance frameworks.
  • Translate audit observations into actionable improvement plans and monitor closure.
  • Support data protection and privacy compliance in collaboration with Legal and Risk Management.
  • Partner with Procurement, IT, and Legal to assess and monitor third-party vendor risk, ensuring security and compliance requirements are defined and validated.
  • Contribute to data governance and protection initiatives by aligning data-related controls to applicable frameworks and policies.
  • Coordinate with technical owners and service providers to ensure security controls and tools supporting compliance (e.g., vulnerability management, MFA, logging, awareness training) are implemented and functioning as intended.
  • Administer select program-level platforms such as Security Awareness or compliance workflow tools.
  • Track progress of key cybersecurity initiatives, providing leadership with visibility into milestones, dependencies, and resource needs.
  • Partner with IT and Infrastructure teams to align change management processes with security and compliance requirements.
  • Develop and deliver training and awareness materials to promote cybersecurity and compliance best practices across the organization.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Real Estate

Number of Employees

5,001-10,000 employees
