Information Security Program Manager - GRC

Jobgether
$140,000 - $194,000

About The Position

This role is responsible for leading and executing Governance, Risk, and Compliance (GRC) programs that protect customer trust, ensure regulatory compliance, and enable secure business growth. You will collaborate with technical, operational, and business teams to assess risks, manage audit readiness, and embed security practices into day-to-day operations. The position requires balancing strategic oversight with operational execution, driving efficiency through process improvement and automation, and providing actionable guidance across the organization. You will own key initiatives such as policy management, third-party risk, and compliance reporting, helping teams move securely while supporting innovation. This role offers the opportunity to shape and scale security programs in a digital-first, high-growth environment.

Requirements

  • 5+ years of experience in information security, GRC, or IT/Information Security audit.
  • Demonstrated experience operating GRC programs in regulated technology or financial services environments.
  • Knowledge and application of security and compliance frameworks (SOC 2, NIST CSF 2.0, NIST SSDF, NYDFS, etc.).
  • Strong written and verbal communication skills for both technical and non-technical audiences.
  • Ability to design metrics, key risk indicators (KRIs), and reporting for diverse stakeholders.

Nice To Haves

  • Experience in cloud-native environments (AWS).
  • Experience with GRC automation tools.
  • Relevant certifications (CISSP, CISA, CRISC, CISM).
  • Light scripting/coding for workflow automation.
  • Familiarity with privacy/data protection regulations (GDPR, CCPA).

Responsibilities

  • Lead GRC programs to support audit readiness, regulatory compliance, and secure operational practices.
  • Manage core assurance activities, including SOC 2, SOX IT, and other security-related audits, coordinating across engineering, IT, and business teams.
  • Oversee information security policy management: drafting, reviewing, maintaining, and promoting awareness of policies and standards.
  • Execute the third-party risk management program, including vendor assessments, risk tracking, and remediation follow-up.
  • Respond to security due diligence requests from partners and prospects with timely and clear communication.
  • Improve the efficiency and consistency of GRC operations through automation, tooling, and process optimization.

Benefits

  • Competitive base salary ($140,000 – $194,000 USD) plus target bonuses and equity compensation.
  • 401(k) plan with company match and Employee Stock Purchase Plan (ESPP).
  • Comprehensive medical, dental, and vision coverage with company contributions.
  • Paid time off, sick leave, company holidays, and family/parental leave.
  • Health Savings Account (HSA) contributions for eligible plans.
  • Income protection benefits, including company-paid Basic Life, AD&D, and Short-/Long-Term Disability coverage.
  • Financial wellness resources, including planning tools and concierge services.
  • Annual wellness and productivity allowances for personal and professional development.
  • Team events, onsites, and access to employee resource groups (ERGs).