About The Position

The Information Security Manager – Metrics, Reporting & Risk Coordination at Compass enables informed decision-making across the enterprise by delivering clear, trusted security insights and ensuring strong execution discipline across the Information Security program. This role owns the operational execution of security metrics, reporting, risk acceptance/exception coordination, and security-related project tracking. It partners closely with technical teams, risk owners, and business stakeholders to translate security data into meaningful narratives—up to and including board-level reporting—while ensuring risks, metrics, and remediation efforts are consistently tracked and communicated. The role is both strategic and hands-on, with responsibility for day-to-day execution as well as mentoring and oversight of up to one direct report.

Requirements

  • Bachelor’s degree in Information Security, Information Technology, Risk Management, Business, or a related field, or equivalent experience.
  • 5+ years of experience in Information Security, Security Governance/Risk, or related roles.
  • Proven experience delivering security metrics, dashboards, and executive or board-level reporting.
  • Strong understanding of information security risk concepts, controls, and governance processes.
  • Experience coordinating cross-functional initiatives in a complex enterprise environment.
  • Exceptional written and verbal communication skills with the ability to influence without authority.

Nice To Haves

  • Experience operating in a regulated or large-scale enterprise environment.
  • Familiarity with security and risk frameworks (e.g., NIST, ISO 27001, CIS Controls).
  • Hands-on experience with tools such as Jira, ServiceNow, GRC platforms, and reporting/visualization tools (e.g., Power BI).
  • Relevant certifications (CISM, CISSP, CRISC, PMP) are a plus.

Responsibilities

  • Own and evolve an established Information Security metrics and KPI framework aligned to enterprise risk and governance objectives.
  • Produce accurate, timely dashboards and reports for senior leadership and board-level visibility.
  • Translate complex security and risk data into clear, business-relevant insights and trends.
  • Ensure consistency, data quality, and integrity across all security reporting artifacts.
  • Identify opportunities to enhance metrics maturity, visualization, and storytelling.
  • Coordinate the Information Security risk acceptance process from intake through closure.
  • Ensure risks are clearly documented, tracked, reviewed, and communicated to the appropriate governance forums.
  • Partner with risk owners, security teams, and stakeholders to gather required inputs, evidence, and compensating controls.
  • Maintain accurate records of accepted risk, review dates, and remediation dependencies.
  • Act as a facilitator and advisor—not the risk decision-maker—to enable transparent, well-informed governance.
  • Coordinate delivery of Information Security initiatives across internal teams and external partners.
  • Track milestones, dependencies, and status for remediation efforts, metrics collection, and risk closure activities.
  • Proactively surface risks, delays, and blockers, and work with stakeholders to drive resolution.
  • Standardize lightweight project tracking and reporting practices within the security organization.
  • Support portfolio-level visibility into security initiatives tied to risk reduction and strategic objectives.
  • Serve as a trusted communication bridge between Information Security, Technology, Risk, Compliance, and business teams.
  • Prepare concise executive-ready materials including briefings, decks, and written summaries.
  • Support consistent messaging on security posture, risk trends, and program progress.
  • Enable alignment and shared understanding across technical and non-technical audiences.
  • Provide guidance, prioritization, and mentoring for up to one direct report.
  • Balance people leadership responsibilities with hands-on delivery and ownership of key outputs.

Benefits

  • Participation in our incentive programs (which may include eligible cash, equity, or commissions).
  • Paid vacation
  • Holidays
  • Sick time
  • Parental leave
  • Recharge leave
  • Medical benefits
  • Tele-health benefits
  • Dental benefits
  • Vision benefits
  • 401(k) plan
  • Flexible spending accounts (FSAs)
  • Commuter program
  • Life insurance
  • Disability insurance
  • Maven (a support system for new parents)
  • Carrot (fertility benefits)
  • UrbanSitter (caregiver referral network)
  • Employee Assistance Program
  • Pet insurance