Manager, GRC, Awareness and Application Security

Kyowa Kirin, Princeton, NJ
63d · $125,000 - $140,000 · Hybrid

About The Position

We are seeking a forward-thinking Manager, GRC, Awareness & Application Security to join our Global Information Security team. This role leads a unified function that embeds risk management, policy governance, and application security into daily business and development activities, while cultivating a strong security-aware culture across the enterprise. The ideal candidate combines deep technical acumen with strong communication and program management capabilities to bridge governance, culture, and technical execution.

Requirements

  • Bachelor's degree in Information Security, Computer Science, Business, or related field required; Master's degree preferred.
  • Required: CISSP, CRISC, or equivalent; Preferred: CISM, CSSLP, or other AppSec/GRC certifications.
  • At least 7 years of progressive experience in cybersecurity, with hands-on expertise in GRC, security awareness, and application security.
  • Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare, or manufacturing).
  • Strong understanding of software development lifecycles, secure coding, and DevSecOps integration.
  • Experience managing vendor and third-party risk, including contract and assessment processes.
  • Familiarity with frameworks such as NIST CSF, ISO 27001, and FDA/GxP compliance requirements.
  • Strong proficiency in Governance, Risk, and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows.
  • Expertise in Application Security practices, including secure SDLC, DevSecOps integration, and tools such as SAST, DAST, and SCA.
  • Experience developing and executing security awareness and behavior-based education programs using data-driven metrics and analytics.
  • Knowledge of third-party and vendor risk management processes, including assessments, contract reviews, and remediation tracking.
  • Familiarity with regulatory and compliance requirements such as HIPAA, GxP, and 21 CFR Part 11, and with audit and readiness activities in regulated industries.
  • Proficiency in cloud and identity security fundamentals (AWS, Azure, GCP; IAM and Zero Trust concepts).

Nice To Haves

  • Master's degree preferred.
  • Preferred: CISM, CSSLP, or other AppSec/GRC certifications.

Responsibilities

  • Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite and reporting standards.
  • Develop, implement, and maintain security policies and standards, integrating them into GRC tooling, development workflows, and operational processes.
  • Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization.
  • Partner with application teams to embed secure-by-design principles, threat modeling, and DevSecOps practices into SDLC and CI/CD pipelines.
  • Oversee third-party risk management activities, including security due diligence, vendor assessments, and remediation tracking, in collaboration with Legal, Procurement, and IT teams.
  • Advance application security maturity by implementing tools such as SAST, DAST, and/or SCA, and ensuring remediation processes are embedded within engineering teams.
  • Develop and maintain dashboards and key risk indicators (KRIs) to measure:
      • Organizational risk posture and control coverage.
      • Effectiveness of awareness programs (click rates, behavioral metrics, completion trends).
      • Application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity).
  • Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context.
  • Support internal and external audits, regulatory assessments, and compliance readiness activities across GxP, HIPAA, and data protection frameworks.
  • Collaborate closely with global peers to harmonize governance, risk, and application security practices across all regions.

Benefits

  • 401K with company match
  • Discretionary Profit Share
  • Annual Bonus Program (Sales Bonus for Sales Jobs)
  • Generous PTO and Holiday Schedule, which includes Summer and Winter Shut-Downs, Sick Days, and Volunteer Days
  • Healthcare Benefits (Medical, Dental, Prescription Drugs and Vision)
  • HSA & FSA Programs
  • Well-Being and Work/Life Programs
  • Life & Disability Insurance
  • Concierge Services
  • Long Term Incentive Program (subject to job level and performance)
  • Pet Insurance
  • Tuition Assistance
  • Employee Referral Awards

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Chemical Manufacturing

Number of Employees

5,001-10,000 employees