Sr. Manager Risk & Governance

About The Position

Requirements

• Needs a background of at least 10 years in Security Risk Management, an Advanced Degree, or similar experience, or 13 years or more with a Bachelor's or equivalent experience in correlated domains.
• 3-5 years' experience managing high performing teams.
• In depth knowledge on security risk management and risk management models (FAIR, OCTAVE, NIST RMF, ISO 27005 etc.).
• Good understanding of security concepts, security stack & tools, industry trends and adversary insights.
• Proficiency in threat modeling, data science and analytics and AI/ML capabilities.
• Experience with platforms and automation for threat identification, detection and risk analysis.
• Familiarity with regulatory frameworks for technology and security risk management.
• Good understanding of innovative technologies and corresponding knowledge of potential security risks and vulnerabilities.
• Comfortable leading the Policy Governance function and has in-depth understanding and knowledge working with complex security policies and standards (e.g. Cloud Architecture, Vulnerability Management etc.).
• Led Compliance with Audit Frameworks (e.g. SOC2, ISO 27001, NIST 800-53 etc.).
• Relevant certifications such as CISSP, CISM, CISA, CRISC. Professional Risk Manager (PRM) certification is a plus.

Responsibilities

• Guide the transformation of the security risk program to include qualitative measurements complemented by quantitative insights, integrating AI, data interpretation, and financial analysis.
• Maintain and operate the company's security risk framework, ensuring risks are accurately captured, updated, and prioritized.
• Provide the strategic vision, and drive maturity of, the Security Governance and Policy program.
• Ensure Policies and Standards program aligned to a centralized governing strategy that includes key input from Security Architecture, Adobe Common Controls Framework (CCF), Cyber Operations, and Product Security.
• Apply and integrate industry risk frameworks (FAIR, NIST RMF, ISO 42001, etc.) into Adobe's governance processes.
• Quantify risks in financial terms (e.g., cost of impact, expected loss, return on investment on controls) to support executive decision making where possible.
• Develop dashboards and BI reporting tools to visualize risk metrics and trends for both technical and non-technical partners.
• Manage and mentor a small, highly skilled risk and governance management team, ensuring collaboration and continuous development.
• Facilitate multi-functional workshops and meetings to drive risk & governance awareness and alignment across business and security teams.
• Monitor regulatory, technological, and procedural changes, ensuring ongoing compliance and adaptability.
• Implement and optimize GRC platforms (e.g., ServiceNow IRM, Archer, Vanta, Drata) and ensure seamless integration with enterprise tools.
• Prepare and deliver clear, business-focused reports and presentations for senior leadership, bridging technical detail with strategic insights.

Benefits

• Comprehensive benefits programs
• Equal Employment Opportunity employer
• Flexible work arrangements