Manager, GRC Programs

About The Position

Requirements

• Bachelor's Degree Cybersecurity, information technology, or a related field required
• 7-9 years GRC or Cybersecurity role required
• 1-3 years Leadership/people management required
• Expertise in GRC platforms (e.g., Microsoft Purview, Varonis, AuditBoard).
• Expertise in developing and managing ITRM and TPRM programs.
• Expertise in developing and managing GRC libraries.
• Deep understanding of regulatory and security frameworks (e.g., PCI, GDPR, HITRUST, ISO 27001, NIST 800-53, NIST 800-161).
• Proven leadership in cross-functional environments and ability to influence at all organizational levels.
• Strong strategic thinking, analytical, reporting, and problem-solving skills.
• Excellent communication skills, both written and verbal.
• Ability to manage multiple priorities and drive results in a dynamic environment

Nice To Haves

• Master's Degree Related field preferred

Responsibilities

• Oversee the lifecycle management of enterprise security policies, standards, and procedures, ensuring alignment with regulatory requirements and security frameworks.
• Coordinate cross-functional policy development and review processes with stakeholders including IT, legal, compliance, and product security.
• Maintain governance documentation repositories, including policy libraries, control frameworks, and governance artifacts within the GRC libraries and platform.
• Support the Director of GRC in implementing governance frameworks aligned to industry standards such as ISO 27001, NIST, CIS, HIPAA, and GDPR.
• Manage policy exception workflows, ensuring risk acceptance and remediation activities are properly documented and tracked.
• Lead operational execution of the organization’s GRC programs, libraries, and intranet content, ensuring consistent implementation of governance initiatives across security and IT teams.
• Administer and optimize GRC platforms (e.g., AuditBoard, ServiceNow) used for risk tracking, audit coordination, and control management.
• Establish scalable workflows for governance processes including risk intake, exception management, and issue tracking.
• Drive continuous improvement initiatives across GRC operations to increase automation, reporting capabilities, and operational efficiency.
• Provide operational leadership and mentorship to GRC analysts responsible for governance administration and program support.
• Lead enterprise technology risk management processes by coordinating risk intake, documentation, and tracking activities within the risk register and GRC platform.
• Oversee and manage Risk and GRC Analysts and related processes for risk governance processes, including risk assessment coordination, risk registers, remediation tracking, and risk reporting.
• Ensure consistent risk management workflows across IT and security teams, enabling visibility into technology and operational risk exposure.
• Facilitate risk review discussions and support the preparation of risk reporting for leadership, risk, and governance committees.
• Lead operational coordination of the organization’s third-party risk management program and management of GRC TPRM platform and processes.
• Establish and maintain vendor risk intake, assessment workflows, and vendor inventory tracking processes.
• Partner with procurement, legal, and business stakeholders to ensure vendor risk assessments are completed and documented appropriately.
• Track remediation efforts and risk treatment plans for vendors identified as high-risk.
• Support the development and maturity of scalable vendor risk management processes aligned with enterprise risk governance.
• Support and partnership of internal and external audit activities with the Internal Audit Manager, ensuring governance artifacts and evidence are readily available and managed in the GRC/Audit platform.
• Support contract review processes and ensure tracking via ticketing and/or GRC platform.
• Support trust center initiatives and maintain related libraries used to support security due diligence requests from customers and partners.
• Support cross-functional responses to complex customer security inquiries requiring input from multiple technical teams.
• Lead collaboration and liaisons between security, IT, product security, legal, compliance, and business teams for GRC initiatives.
• Ensure governance and risk programs remain aligned with evolving regulatory requirements and organizational priorities.
• Lead and support global governance initiatives by coordinating governance processes with regional stakeholders, including EMEA teams.
• Lead and facilitate communication and collaboration between operational security teams and GRC leadership.
• Develop and maintain GRC program metrics and dashboards to track program performance and maturity.
• Monitor key governance indicators including policy lifecycle completion, risk remediation progress, vendor assessment status, and trust center response metrics.
• Provide regular updates to the Director of GRC and Director of Security & Technology Risk Management on program status, risks, and operational improvements.
• Support enterprise security awareness and compliance-related training activities.
• Partner with the GRC Analyst(s) responsible for awareness programs to ensure GRC and Security topics are incorporated into employee training and communications.
• Promote a culture of security and compliance through consistent security messaging and collaboration with HR and corporate communications teams.
• Manage and mentor global group of GRC and Risk analysts responsible for governance operations and program support.
• Foster a collaborative environment focused on operational excellence, accountability, and continuous improvement.
• Identify opportunities to improve team processes, capabilities, and governance maturity.