Senior Manager – Cybersecurity Governance, Risk & Compliance (GRC)

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• 12+ years of experience in cybersecurity, information security, risk management, compliance, audit, or security operations.
• 3+ years of leadership or people management experience.
• Experience supporting or partnering with Security Operations (SOC) teams and incident response programs.
• Strong knowledge of cybersecurity frameworks, governance models, and risk management methodologies.
• Experience leading compliance initiatives, audits, and remediation programs.
• Experience managing third-party security assessments and vendor risk programs.
• Strong executive communication, stakeholder management, and presentation skills.

Nice To Haves

• Experience with Microsoft security and compliance technologies, including Microsoft Purview and Microsoft Sentinel.
• Experience working with SIEM, SOAR, EDR, MDR, vulnerability management, and GRC platforms.
• Experience within regulated or compliance-driven industries.
• Master's degree in a related discipline.

Responsibilities

• Lead the enterprise cybersecurity governance framework, including policies, standards, controls, and procedures.
• Drive cybersecurity strategy and roadmap initiatives aligned with business goals and risk tolerance.
• Provide leadership with visibility into cybersecurity posture, risks, compliance status, and program effectiveness.
• Lead governance committees and facilitate cross-functional cybersecurity initiatives.
• Conduct enterprise cybersecurity risk assessments and oversee risk treatment activities.
• Maintain the cybersecurity risk register and monitor remediation efforts.
• Evaluate emerging threats, vulnerabilities, and business impacts.
• Perform security reviews for new technologies, projects, and strategic initiatives.
• Lead third-party and vendor security risk assessments and due diligence activities.
• Manage cybersecurity compliance programs aligned with frameworks and regulations.
• Coordinate internal and external audits and oversee remediation of audit findings.
• Ensure security controls, documentation, and evidence repositories support ongoing compliance requirements.
• Monitor and report compliance performance and remediation progress.
• Partner with Security Operations teams and external providers to strengthen monitoring, threat detection, incident response, and vulnerability management programs.
• Review significant cybersecurity incidents, root cause analyses, and corrective action plans.
• Participate in incident response exercises, tabletop simulations, and post-incident reviews.
• Drive continuous improvement of security controls, detection capabilities, and response processes.
• Monitor security metrics, KPIs, KRIs, and operational reporting.
• Manage relationships with MDR, MSSP, SOC-as-a-Service, and other cybersecurity service providers.
• Review vendor assessments, SOC reports, penetration test results, and compliance documentation.
• Ensure third-party providers meet security, compliance, and contractual obligations.
• Lead vendor risk remediation and ongoing security performance reviews.
• Lead and mentor cybersecurity governance, risk, and compliance professionals.
• Partner with IT, Security, Legal, Privacy, HR, Audit, and business leaders to address cybersecurity risks and compliance requirements.
• Present cybersecurity risks, compliance status, audit results, and strategic recommendations to senior leadership and governance committees.
• Serve as a trusted advisor on cybersecurity governance, risk management, and regulatory compliance.

Benefits

• The base salary range for this role is $133,200 to $199,800.