Sr. Manager, IT Security - GRC

About The Position

Requirements

• Bachelor’s Degree in Information Security, Information Technology, Risk Management, or a related field
• 7+ years of experience in cybersecurity, risk management, compliance, or audit roles
• 3+ years of experience in a GRC leadership or senior individual contributor role
• Strong working knowledge of NIST CSF, ISO 27001, SOC 2, and cybersecurity risk assessment methodologies
• Experience managing audits, compliance programs, and enterprise risk registers end‑to‑end
• Excellent written and verbal communication skills, with the ability to influence senior leaders
• Proven ability to balance security requirements with business objectives

Nice To Haves

• Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or OneTrust preferred
• Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer preferred

Responsibilities

• Lead and mature the enterprise cybersecurity governance, risk, and compliance (GRC) program, including policies, standards, procedures, and metrics
• Maintain and align cybersecurity frameworks with industry standards such as NIST CSF, ISO 27001, CIS, and SOC 2
• Mature and oversee security risk tolerance, exception management, and control ownership processes
• Ensure cybersecurity governance aligns with enterprise risk management (ERM) objectives
• Lead cybersecurity risk assessments, control gap analyses, and third‑party risk assessments
• Maintain the enterprise cyber risk register, including risk scoring, treatment plans, and remediation tracking
• Partner with technical and business teams to ensure risks are mitigated, transferred, or formally accepted
• Translate technical threats and vulnerabilities into clear, business‑focused risk statements
• Manage cybersecurity compliance initiatives for regulatory, industry, and contractual obligations (e.g., SOC 2, ISO, SOX, HIPAA, PCI, privacy frameworks)
• Act as primary liaison for internal and external audits, coordinating evidence collection and remediation activities
• Support customer security assessments, due diligence requests, and RFP responses
• Monitor regulatory changes and assess organizational impact
• Develop and maintain cybersecurity risk and compliance metrics for leadership
• Create dashboards and reports that clearly communicate risk posture, trends, and remediation status
• Present risk assessments, recommendations, and program updates to senior leadership
• Lead, mentor, and develop GRC engineers, analysts or contributors
• Collaborate with Security Operations, Engineering, Legal, Internal Audit, and Procurement teams
• Promote risk‑aware decision‑making and a culture of security accountability

Benefits

• Health coverage (3 medical options, dental and vision)
• 401(k) Retirement Plan w/company match
• Health Savings Accounts w/company match
• FREE virtual primary care, acute care and physical therapy
• FREE Employee Assistance Program
• Company paid (vacation, holidays, sick time, bereavement, jury duty, maternity/parental, disability leave and volunteer time)
• Discounted & free product
• Tuition reimbursement
• Opportunities for career advancement