GRC Manager

Cyera, Kansas City, MO
$120,000 - $150,000, Remote

About The Position

Cyera is seeking a strategic, execution-focused GRC Manager to lead and mature our global Governance, Risk, and Compliance program. This is a senior leadership role responsible for owning Cyera’s audit and certification strategy across frameworks such as ISO 27001, SOC 2 Type 2, C5, PCI DSS, ISO 42001, and FedRAMP, while driving operational excellence across third-party risk management, supplier governance, policy lifecycle management, enterprise risk processes, and security awareness programs. The GRC Manager will lead and develop a team of 3–4 GRC analysts and act as a key partner to Security Engineering, Legal, IT, Product, and Executive Leadership. This role requires both deep technical understanding of security control frameworks and strong leadership capabilities to scale a best-in-class GRC function.

Requirements

  • 7–10+ years of experience in GRC, security compliance, or audit leadership.
  • 3+ years of people management experience.
  • Deep expertise in: ISO 27001, SOC 2 Type 2, PCI DSS, FedRAMP, C5, and ISO 42001 (or emerging AI governance frameworks).
  • Experience managing external audits and assessors.
  • Strong understanding of cloud security environments (AWS, GCP, Azure).
  • Proven experience building or maturing a third-party risk management program.
  • Strong knowledge of risk management methodologies and control frameworks.
  • Experience leading policy governance programs.
  • Excellent executive communication and reporting skills.
  • Ability to operate strategically while driving tactical execution.

Nice To Haves

  • CISSP, CISA, CRISC, CISM, ISO 27001 Lead Implementer/Auditor, or similar certifications.
  • Experience in SaaS or cloud-native environments.
  • Experience preparing organizations for FedRAMP authorization.
  • Familiarity with automation tools for GRC evidence collection and control monitoring.
  • Experience with AI governance frameworks (ISO 42001).

Responsibilities

  • Own the end-to-end lifecycle of external audits and certifications: ISO 27001, SOC 2 Type 2, C5, PCI DSS, ISO 42001, and FedRAMP (as applicable).
  • Develop and execute a multi-year audit and certification roadmap aligned to company growth.
  • Serve as primary liaison with external auditors, assessors, and regulatory bodies.
  • Ensure ongoing control readiness, not point-in-time compliance.
  • Translate audit findings into measurable remediation plans and track closure.
  • Drive control automation and evidence collection improvements.
  • Maintain framework crosswalks and ensure control harmonization across multiple standards.
  • Own and mature Cyera’s Third-Party Risk Management (TPRM) program.
  • Establish vendor tiering methodology and risk scoring processes.
  • Lead pre-engagement vendor security assessments and ongoing reassessments.
  • Oversee SOC report reviews, security due diligence, and contractual security requirements.
  • Partner with Legal to embed security and compliance obligations in vendor contracts.
  • Ensure effective vendor offboarding and data destruction validation.
  • Develop reporting dashboards for supplier risk exposure.
  • Own the full lifecycle of security and compliance policies: drafting, review, executive approval, publication, and periodic review.
  • Align policies across ISO, SOC 2, FedRAMP, and other frameworks.
  • Lead the formal policy exception process, including: risk evaluation, compensating controls, executive approval workflows, and exception tracking and renewal cadence.
  • Ensure policies remain operationally practical and enforceable.
  • Own and maintain the corporate risk register.
  • Facilitate periodic risk assessments across business units.
  • Identify and assess operational, technical, regulatory, and strategic risks.
  • Track remediation plans and report on residual risk.
  • Develop executive-ready risk reporting materials.
  • Present risk posture updates to senior leadership.
  • Oversee annual security awareness training program.
  • Develop targeted training modules for high-risk roles.
  • Track completion and effectiveness metrics.
  • Continuously improve awareness strategy based on risk trends and audit findings.
  • Promote a security-first culture across the organization.
  • Develop KPIs and dashboards for: audit readiness, risk exposure, policy compliance, third-party risk posture, and control maturity.
  • Provide recurring updates to executive leadership.
  • Support Board-level reporting as needed.
  • Identify opportunities to automate reporting and control monitoring.
  • Lead, mentor, and develop a team of 3–4 GRC analysts.
  • Define career paths and professional development plans.
  • Establish performance metrics and accountability frameworks.
  • Foster a high-performance, collaborative team culture.
  • Provide coaching in audit management, risk assessment, and stakeholder engagement.
  • Scale team processes to support rapid company growth.

Benefits

  • Ability to work remotely, with office setup reimbursement
  • Competitive salary
  • Unlimited PTO
  • Paid holidays and sick time
  • Health, vision, and dental insurance
  • Life, short and long-term disability insurance
© 2024 Teal Labs, Inc