Manager of Governance, Risk, and Compliance (GRC)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
• 7+ years of progressive experience in cybersecurity and information technology, with a minimum of 3 years focused on GRC functions.
• Experience managing risk and compliance for commercial cloud-hosted environments (AWS, Azure, Google).
• Hands-on experience with compliance frameworks such as: SSAE 18 (SOC 1 & 2), ISO 27001/27701, NIST 800-53, NIST CSF, CIS.
• Familiar with GDPR, CCPA and/or other data protection regulations.
• Proven ability to manage audits, compliance assessments, and evidence collection in a fast-paced environment.
• Strong understanding of DevSecOps, CI/CD pipelines, and shared responsibility models for software application security.
• Demonstrated experience with risk management tools (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate, etc.).
• Excellent communication and stakeholder management skills across technical and executive audiences.

Nice To Haves

• CISM, CISA, CISSP, GSLC, or equivalent.
• Master’s degree or equivalent work experience.

Responsibilities

• Lead governance, risk, and compliance initiatives across the insurance software business unit.
• Ensure alignment with corporate cybersecurity standards, regulatory frameworks, and customer contractual obligations.
• Oversee risk management, control assurance, and audit readiness activities.
• Collaborate with product, engineering, and operations teams to embed security governance and compliance into the software development and service delivery lifecycle.

Benefits

• Flexible work model prioritizing in-person collaboration.
• Commitment to fostering an inclusive environment.