Cybersecurity Program Manager – GRC

Saige Partners
San Jose, CA
Onsite

About The Position

We are seeking an experienced Cybersecurity Program Manager to lead the development and execution of enterprise-wide cybersecurity governance, compliance, and risk management initiatives. This role will be responsible for establishing cybersecurity programs, creating security policies and standards from the ground up, driving compliance efforts, and partnering with cross-functional stakeholders to strengthen the organization's security posture. The ideal candidate combines deep cybersecurity expertise with strong program management capabilities and a proven track record of developing security governance frameworks, policies, and procedures in complex enterprise environments.

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • 10+ years of cybersecurity experience, including at least 5 years in a program management, governance, or leadership role.
  • Proven experience developing and implementing IT security policies, standards, and procedures from the ground up.
  • Demonstrated success collaborating with cross-functional teams to create and maintain enterprise security documentation.
  • Strong knowledge of cybersecurity frameworks and standards, including NIST CSF, ISO 27001, CIS Controls, SOC 2, and CMMC.
  • Experience with security governance, compliance management, and risk assessment methodologies.
  • Deep understanding of security controls, threat management, vulnerability management, and security operations.
  • Experience managing complex, enterprise-wide cybersecurity programs and initiatives.
  • Strong project and program management skills with the ability to manage multiple priorities simultaneously.
  • Excellent written, verbal, and executive-level communication skills.

Nice To Haves

  • PMP (Project Management Professional) certification or equivalent program management certification.
  • Professional cybersecurity certifications such as CISSP, CISM, CRISC, or similar.
  • Experience supporting highly regulated industries and compliance-driven environments.
  • Familiarity with Agile, Waterfall, and hybrid project management methodologies.

Responsibilities

  • Lead the development, documentation, and maintenance of enterprise-wide IT security policies, standards, and procedures.
  • Create comprehensive security governance documentation from scratch, ensuring alignment with business objectives and regulatory requirements.
  • Collaborate with IT, Security, Compliance, and business stakeholders to identify policy gaps and define security requirements.
  • Develop and maintain policies covering areas such as access management, data protection, incident response, risk management, and security operations.
  • Establish clear, enforceable standards and implementation guidelines for both technical and non-technical teams.
  • Document detailed operational procedures to ensure consistent execution across departments.
  • Facilitate policy review cycles, stakeholder approvals, and governance processes.
  • Conduct periodic audits of policy compliance and recommend updates based on findings, organizational changes, and emerging threats.
  • Develop, implement, and maintain enterprise-wide cybersecurity programs aligned with organizational goals and industry best practices.
  • Create and execute multi-year cybersecurity roadmaps and strategic initiatives.
  • Define program objectives, success metrics, and key performance indicators (KPIs) to measure effectiveness.
  • Monitor emerging cybersecurity threats, vulnerabilities, and industry trends to proactively adjust program strategies.
  • Manage cybersecurity program budgets, resources, and project priorities.
  • Partner with IT, Security Operations, Risk Management, Compliance, Legal, and business leadership teams to drive cybersecurity initiatives.
  • Establish governance frameworks, decision-making processes, and accountability structures.
  • Coordinate activities with external vendors, consultants, auditors, and third-party service providers.
  • Communicate complex cybersecurity concepts to both technical and non-technical audiences.
  • Promote a culture of cybersecurity awareness and accountability across the organization.
  • Ensure compliance with applicable regulatory and industry frameworks, including CCPA, CPRA, SOC 2, CMMC, and related standards.
  • Lead risk assessments, vulnerability management initiatives, and penetration testing programs.
  • Develop and maintain risk management processes and security control frameworks.
  • Monitor and report on organizational security posture and compliance status.
  • Support incident response planning, testing, and coordination during cybersecurity events.
  • Oversee the evaluation, implementation, and optimization of security technologies, tools, and controls.
  • Conduct security architecture reviews and technology assessments.
  • Drive continuous improvement initiatives across cybersecurity programs and processes.
  • Maintain comprehensive program documentation, operational procedures, and knowledge repositories.
  • Ensure effective documentation management and organizational readiness for audits and assessments.
  • Provide executive leadership and key stakeholders with regular updates on cybersecurity initiatives, risks, and program performance.
  • Develop dashboards, metrics, and reports to communicate compliance and security effectiveness.
  • Present cybersecurity strategies, findings, and recommendations to senior management and executive leadership.
  • Escalate critical risks, compliance issues, and security concerns as appropriate.

Benefits

  • Benefit package
  • Convenient weekly payment solutions