Manager, InfoSec Governance Risk and Compliance (GRC)

About The Position

Requirements

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor's degree in related field preferred or equivalent experience with proven skills.

Nice To Haves

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

Responsibilities

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua's security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

Benefits

• Medical, dental, vision and transportation benefits.
• Hybrid working model (3 days in the office per week).
• Snacks and weekly lunches in the office.
• Exceptional training and career development program.
• Regular social events, competitive outings, team running events, and musical activities.