The GRC (Governance, Risk, & Compliance) Program Manager plays a critical role in ensuring the company adheres to applicable cyber laws, regulations, and information security policies and standards. The individual will design, implement, and govern cyber risk management and technology compliance activities, collectively as a program. The individual will be responsible for the implementation and optimization of a governance, risk and compliance tool with execution of one or more cyber risk management programs, to include user attestations, third-party risk management, cyber contract administration, IT control testing, and audit coordination. Program functions and duties may include: planning, scheduling, and oversight of internal/external system user attestations across the enterprise; assessing and consulting on third-party cyber risks; review and negotiation of cyber contracts; coordination of IT components of onsite and virtual audits/assessments (e.g., SOC1/2, PCI DSS/NIST CSF, NIST AI RMF), NCUA regulatory examinations and client due diligence reviews. The individual must scope and execute program(s) to ensure the organization meets regulatory requirements and industry standards to mitigate cyber risks and achieve company certification and reporting objectives (e.g., PCI DSS, NIST, SOC1/2). This is an individual contributor role reporting to the VP of Technology Compliance and engaging with internal and external stakeholders to mitigate risk, integrate security measures into business operations, and foster a security-conscious culture.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed