Sr. Manager, GRC

Avnet
Chandler, AZ
Onsite

About The Position

The Cybersecurity Senior Manager plays a critical leadership role within the enterprise cybersecurity organization, overseeing governance, risk, and compliance (GRC) functions across a complex, global environment. This role is accountable for ensuring cybersecurity risks are identified, assessed, managed, and reported in alignment with business objectives, regulatory requirements, and the organization’s risk appetite. The Cybersecurity Senior Manager collaborates closely with business leaders, IT, Legal, Internal Audit, Procurement, and external auditors to integrate security and compliance into everyday operations while supporting business scalability and agility.

Requirements

  • Typically 8+ years including 3+ years of management experience
  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
  • This position will have access to ITAR product and therefore be authorized to access product.
  • This position requires the employee to be a U.S. Citizen or National, or a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20), or a protected individual as defined by 8 U.S.C. 1324b(a)(3).

Nice To Haves

  • Multiple functional domains

Responsibilities

  • Lead enterprise cybersecurity and IT compliance programs, including SOX ITGCs & Application controls, PCI DSS, CMMC, and other applicable regulatory and contractual requirements.
  • Design, implement, and maintain continuous control monitoring processes to validate the effectiveness of cybersecurity and IT controls on an ongoing basis.
  • Translate regulatory and compliance requirements into practical, scalable control expectations aligned to enterprise architecture and operational realities.
  • Proactively identify compliance gaps, assess risk, and drive remediation plans in partnership with control owners.
  • Periodically assess against NIST CSF and other cybersecurity frameworks.
  • Own and manage the Audit Liaison function for cybersecurity and IT risk, serving as the primary interface between the company and external auditors, assessors, and regulators.
  • Support control owners by raising awareness of compliance requirements, assisting with controls design, and serving as primary interface between Global Audit and audited IT teams.
  • Support Global Audit and external auditors in audit planning, evidence collection, walkthroughs, and issue response across global teams.
  • Ensure audit findings are clearly understood, risk-ranked, and translated into actionable remediation plans with accountable owners and timelines.
  • Track and report status of remediation action plans.
  • Drive consistency and quality in audit responses, reducing friction and repeat findings year over year.
  • Lead the cybersecurity portion of contract reviews in support of all business units, evaluating customer, partner, and supplier cybersecurity requirements.
  • Partner with Legal, Sales, Procurement, and Business Leaders to assess contractual risk, negotiate security terms, and ensure commitments align with the company’s cybersecurity capabilities and risk tolerance.
  • Provide clear guidance on acceptable risk positions and required controls to enable informed business decisions without unnecessary delays.
  • Facilitate Technical and Organizational Measures (TOMs) review requirements of GDPR during business vendor selection process by coordinating teams to complete the non-cyber portion of the reviews and providing a risk assessment for the cybersecurity component of TOMs.
  • Provide the complete assessment report and final risk rating to the Business.
  • Provide assistance to the Business to interpret the risk rating and possible options to mitigate the risks, if required.
  • Answer Customer’s request for information (RFIs) by completing the cybersecurity portions of RFIs and gathering responses for other IT portions of the RFIs.
  • Oversee the cybersecurity components of the Third-Party Risk Management program for business suppliers, including risk assessments and due diligence.
  • Ensure third-party risks are identified, documented, and managed in alignment with enterprise risk management practices.
  • Collaborate with Business stakeholders and Contracts team to integrate cybersecurity requirements throughout the supplier lifecycle.
  • Collaborate with Procurement and Vendor Management teams to integrate cybersecurity requirements throughout the vendor lifecycle.
  • Develop, maintain, and govern enterprise cybersecurity policies and standards.
  • Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes while remaining practical and business-focused.
  • Drive awareness and adoption of cybersecurity governance across IT and business stakeholders.
  • Lead the enterprise cybersecurity training and awareness program, ensuring content is role-appropriate, engaging, and aligned to real-world risks.
  • Test and raise awareness of phishing reporting processes through phishing exercises.
  • Measure program effectiveness through metrics, trends, and behavioral indicators, continuously improving the program to address emerging threats and business needs.
  • Promote a culture of shared responsibility for cybersecurity across the organization.
  • Own and manage the enterprise cybersecurity risk register, ensuring risks are clearly articulated, consistently assessed, and aligned to the company’s risk taxonomy.
  • Facilitate risk identification, risk acceptance, and risk treatment decisions with business and technology leaders.
  • Analyze risk trends and metrics to provide insights that help leadership prioritize investments and focus efforts on the most material risks.
  • Support executive and board-level reporting by translating technical risk into business-relevant language.
  • Facilitate communications between IT, Legal, Procurement, HR and business stakeholders during cybersecurity incident response.
  • Provide customer notification requirements to the Security Operations team to maintain as part of Cyber Operations IR plans.
  • Collaborate with Avnet Communications teams for external and internal cybersecurity communications.
  • Collaborate with Legal and Contracts teams for interpretation of contractual, regulatory, and other legal compliance requirements during cybersecurity incidents.
  • Consult BISOs and Business stakeholders on the certification process, controls, scope, stakeholder identification, preparation for gap assessments, selecting an assessor and business funding.
  • Provide guidance to the teams to be assessed or audited.
  • Collaborate with BISOs, third-party assessors and stakeholders to schedule gap assessment interviews, attend gap assessment and certification assessment sessions as a facilitator/subject matter expert (SME) on GIS related topics.
  • Provide consultation services for assessment and implementation quotes.
  • Perform self-assessments of IT controls as part of approved project activities.
  • Manages direct managers and/or highly skilled specialists in multiple global regions who exercise significant latitude and independence.
  • Often oversees one or more departments or related teams.
  • Other duties as assigned.

Benefits

  • Generous Paid Time Off
  • 401K and Pension Plan
  • Paid Holidays
  • Family Support (Paid Leave, Surrogacy, Adoption)
  • Medical, Dental, Vision, and Life Insurance
  • Long-term and Short-term Disability Insurance
  • Health Savings Account / Flexible Spending Account
  • Education Assistance
  • Employee Development Resources
  • Employee Wellness, Leadership Development and Mentorship Programs