Manager Cybersecurity Governance, Risk & Compliance

rogerscoChandler, AZ
69d
Match Resume

About The Position

This role is responsible for leading the Cybersecurity Governance, Risk, & Compliance function with responsibility for a risk-based compliance program that integrates Assessment & Authorization (A&A/RMF), policy and planning, and continuous monitoring across on-premise and cloud environments. Coordinates security control assessments and system authorizations per NIST RMF practices and develops/maintains cybersecurity policy and governance to ensure alignment with enterprise goals and regulatory obligations (e.g., SOX, NIST 800-NNN, ISO/IEC 27001, privacy laws). Primary alignment to NICE Systems Authorization and Cybersecurity Policy & Planning work roles, with additional responsibilities consistent with the Authorizing Official/Designating Representative role for risk acceptance and accreditation decisions.

Requirements

  • Bachelor’s degree in information systems, computer science, cybersecurity, or related field (or equivalent experience).
  • Certifications: CISA, CISM, CRISC, CIPM, CGEIT, or CISSP (preferred).
  • 5+ years in IT Compliance / GRC, including RMF based A&A, policy governance, audit management, and third party risk.
  • Hands on with NIST control baselines, ISO/IEC 27001 controls, SOX ITGCs, and privacy obligations.
  • Experience with GRC platforms, evidence automation, and cloud compliance tooling.
  • Strong leadership, stakeholder communication, and executive reporting skills.

Responsibilities

  • Lead the enterprise Assessment & Authorization (A&A) lifecycle—categorization, control selection/implementation, assessment, authorization, and continuous monitoring—using the NIST RMF and organizational procedures.
  • Oversee and perform security control assessments; document results, identify systemic issues, and track remediation to closure.
  • Prepare, review, and maintain authorization packages (e.g., SSP, SAR, POA&M); recommend risk disposition and authorization decisions.
  • Develop, publish, and maintain cybersecurity policies, standards, and implementation guidelines; ensure policy alignment to business objectives and regulations.
  • Establish compliance metrics and executive reporting (e.g., control effectiveness, residual risk trends, time-to-remediate, audit closure rate); drive continuous improvement.
  • Coordinate internal/external audits; design and implement independent audit processes for applications, networks, and systems; validate corrective actions.
  • Govern third-party/supplier compliance (security and privacy requirements, contractual clauses, assessments) and track risk treatment.
  • Advise leadership on risk acceptance and authorization determinations; ensure decisions reflect organizational risk tolerance and mission impacts.
  • Integrate policy, standards, and A&A activities with security architecture/engineering and IT operations to embed compliance by design.
  • Monitor emerging regulations and technologies; update policy and control baselines accordingly.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Education Level

Bachelor's degree

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service