Information Security GRC Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Business, or related field (Master’s preferred)
• 10+ years of experience in information security, IT risk, or compliance
• 2–3+ years of hands-on experience in a GRC-focused role
• Strong knowledge of frameworks and standards (e.g., NIST, ISO 27001, COBIT)
• Experience managing audits and working with external regulators or assessors
• Excellent communication skills, with the ability to engage both technical and business stakeholders
• Strong project management skills and ability to manage multiple initiatives simultaneously

Nice To Haves

• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA)
• Experience with SOX ITGC controls and audit coordination
• Familiarity with third-party/vendor risk management programs
• Experience with GRC tools (e.g., Optro (AuditBoard), ServiceNow GRC, OneTrust)

Responsibilities

• Lead Governance & Security Programs: Develop and maintain the enterprise information security governance framework. Establish and lead cross-functional governance forums (e.g., compliance working groups, risk committees). Oversee security policies, standards, procedures, and risk methodologies.
• Drive Risk Management: Lead enterprise-wide risk assessments, including identification, analysis, and mitigation of security risks. Define, track, and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Partner with stakeholders to support risk-based decision-making.
• Own Compliance & Certifications: Plan and execute compliance and readiness assessments (e.g., PCI-DSS, NIST CSF, ISO 27001). Serve as the primary liaison for external auditors and assessors. Ensure ongoing adherence to regulatory and contractual requirements.
• Manage Audit & Assurance Activities: Coordinate internal and external audits, including SOX-related controls where applicable. Oversee remediation tracking and ensure timely resolution of findings. Continuously improve control effectiveness and assurance processes.
• Partner Across the Business: Collaborate with IT, Legal, Privacy, and business teams to embed security into operations. Translate complex security and compliance requirements into business-friendly language. Provide regular reporting on risk posture and compliance to senior leadership.
• Promote Security Awareness: Develop and deliver training and awareness programs related to risk and compliance. Foster a culture of security and accountability across the organization.

Benefits

• Competitive healthcare, dental & vision insurance
• 401(k) matching after one year of employment
• Generous time off + company holidays
• Merchandise discount
• Learning & Development programs
• Much more!