Information Security Manager (GRC)

About The Position

Requirements

• 5+ years of experience with Information Security, GRC or IT Audit roles, demonstrating a growing understanding of GRC concepts and methodologies.
• Experience managing a GRC function and staff.
• Effective writing skills for tasks such as policy review and approval, developing risk treatment plans, and creating audit documentation and responses for external auditors.
• Strong organizational skills and attention to detail for managing documentation, audit evidence, and maintaining accurate GRC records.
• Proven track record of developing and implementing policies and procedures, assessing and prioritizing risks, and maturing security compliance programs.
• Substantial experience with regulatory frameworks and standards, such as NIST, SOC 2, ISO 27001, and FedRAMP.
• Experience communicating detailed security concepts, risks, and controls to both technical and non-technical stakeholders.
• Outstanding interpersonal and leadership skills that inspire collaboration and drive alignment across teams.
• Demonstrates an ability to lead effectively in dynamic, fast-paced environments, balancing strategic vision with tactical execution to respond to evolving security needs.

Nice To Haves

• Experience working with GRC platforms (e.g., Drata, Vanta, ZenGRC) and project management tools (e.g., Jira, Asana) is a plus.
• A Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or a related field, or equivalent practical experience, is preferred.
• Relevant professional certifications such as CISSP, CompTIA Security+, CISA, or CRISC are highly desirable.

Responsibilities

• Manage LVT’s annual SOC 2 audit and other audits as necessary.
• Collaborate with IT, Finance, and Legal to represent Information Security in various cross-functional processes including vendor risk, contractual terms, and customer security questions.
• Identify inefficiencies in different GRC processes and improve them.
• Design and manage regular internal audits of security controls.
• Implement automated control monitoring and evidence collection.
• Create, review, and maintain LVT’s security policies.
• Maintain LVT’s risk register to ensure accurate and timely recording of identified risks and their mitigation statuses.
• Build strong relationships with risk owners to drive program buy-in, accountability, and ownership.
• Work with SalesOps to develop an approach to customer security questionnaires.
• Mature our public-facing Security Trust Center to enhance transparency, showcase LVT’s commitment to security, and streamline the sales process.
• Identify and operationalize ways to automate tools and processes to improve LVT’s compliance program efficiency and collaboration across multiple teams.
• Establish and maintain measurable GRC program metrics to quantify effectiveness, highlight progress, and drive continuous improvement.