About The Position

Yext (NYSE: YEXT) is the leading brand visibility platform, built for a world where discovery and engagement happen everywhere — across AI search, traditional search, social media, websites, and direct communications. Powered by over 2 billion trusted data points and a suite of integrated products, Yext provides brands the clarity, control, and confidence to perform across digital channels. From real-time insights to AI-driven recommendations and execution at scale, Yext turns a brand's digital presence into a competitive advantage, which is only possible through our team of innovators and enthusiastic collaborators. Join us and experience firsthand why we are consistently recognized as a ‘Best Place to Work’ globally by industry leaders such as Built In, Fortune, and Great Place To Work®!

We are seeking a highly motivated Senior Security Governance Manager to strengthen our cybersecurity program and ensure effective governance across key initiatives. This role will serve as a trusted advisor to the CISO, overseeing cybersecurity risk management, developing control & prioritization frameworks, and creating metrics that measure program maturity, risk assessment/reduction, and business alignment. The ideal candidate is a strategic thinker who can balance governance discipline with business agility, ensuring that security investments deliver measurable outcomes.

Requirements

  • 7+ years of experience in cybersecurity, IT governance, risk management, or related fields.
  • Proven track record in program management or governance within a security or risk context.
  • Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
  • Experience creating executive-level metrics and dashboards.
  • Excellent communication and presentation skills, with the ability to convey technical concepts in business terms.

Nice To Haves

  • Prior experience working in a CISO office or security governance function.
  • Familiarity with regulatory and compliance standards across multiple industries.
  • Project management certification (PMP, PRINCE2, or similar) or governance certifications (CGEIT, CRISC, CISM).
  • Bachelor’s or Master’s degree in Information Security, IT, Business, or related

Responsibilities

  • Oversee the execution of cybersecurity initiatives, ensuring alignment with business objectives, compliance obligations, and risk management priorities.
  • Develop and maintain a comprehensive security governance framework aligned with industry standards (NIST CSF 2.0, ISO/IEC 27001, or SOC 2).
  • Manage the Threat Management program, which assesses, identifies, quantifies, and prioritizes risk reduction.
  • Maintain an up-to-date catalog of cybersecurity projects and initiatives, tracking progress, risks, and dependencies to ensure effective management and oversight. Build and facilitate governance channels, such as Risk advisories/meetings, to provide visibility, accountability, and decision-making support.
  • Author and enforce technical security policies that are practical, enforceable, and aligned with legal requirements (GDPR, CCPA, etc.).
  • Maintain the existing working group meetings to identify new risks, track remediation progress, and manage the threat register.
  • Develop and maintain a cybersecurity control & project prioritization framework based on business risk, regulatory requirements, and resource capacity.
  • Conduct technical risk assessments of cloud environments, third-party vendors, and internal systems to identify vulnerabilities and mandate remediation.
  • Partner with security leaders, IT, Internal Audit, Engineering, and business stakeholders to recommend the sequencing of initiatives that maximize impact.
  • Provide the CISO with clear recommendations on project trade-offs and resource allocation before executing projects. These outcomes should be based on outstanding risk to the business.
  • Define and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of security programs and identify areas for improvement.
  • Build executive-level dashboards and reports that translate technical program data into business-relevant insights.
  • Support board and executive reporting by providing crisp, data-driven updates on program status and risk posture.
  • Ensure that security initiatives support compliance requirements, as applicable, by partnering with the Security Assurance & Finance team.
  • Collaborate with Enterprise Risk Management and Internal Audit teams to maintain alignment between cybersecurity program maturity and business outcomes.
  • Act as the lead Project Manager for security transformations, ensuring that complex technical deployments (like Zero Trust architecture or AI-driven monitoring) are delivered on time and within budget.
  • Act as a bridge between technical teams and senior management, ensuring clear communication of priorities, risks, and progress.
  • Influence and educate stakeholders on cybersecurity governance principles and the business value of security investments.
  • Mentor team members and foster a culture of accountability and continuous improvement.

Benefits

  • medical
  • dental
  • vision benefits
  • life insurance
  • short-term and long-term disability
  • 401(k) retirement plan
  • vacation and sick leave
  • equity (stock) based compensation
  • variable pay programs

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 501-1,000 employees
