Job Details

Role Overview

We are seeking an experienced and strategic Senior Manager – Global Governance, Risk & Compliance (GRC) to lead and mature our Governance, Risk, and Compliance program. This role will be responsible for establishing policies, managing enterprise risk, ensuring regulatory compliance, and aligning security initiatives with business objectives. The ideal candidate brings strong leadership, deep regulatory knowledge, and hands-on experience building scalable GRC frameworks. The role reports to the Deputy CISO.

Job Duties

Governance & Strategy

• Develop and maintain enterprise-wide GRC strategy, policies, and standards
• Align security governance with business goals and risk appetite
• Lead internal governance committees and reporting to senior leadership

Risk Management

• Oversee enterprise risk assessments (cyber, operational, third-party)
• Define and maintain risk registers and mitigation plans
• Implement and manage risk frameworks (e.g., NIST, ISO 27001)

Compliance & Regulatory

• Ensure compliance with applicable regulations and standards (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA as applicable)
• Manage internal and external audits
• Maintain documentation and evidence for audits and certifications

Third-Party Risk Management

• Develop and manage vendor risk assessment programs
• Evaluate supplier security posture and contractual obligations

Security Awareness & Training

• Lead organization-wide security awareness initiatives
• Promote a culture of risk awareness and compliance

Leadership & Stakeholder Management

• Lead and mentor GRC team members
• Collaborate with IT, Legal, HR, and business units
• Communicate risk posture to executive leadership and board-level stakeholders

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field
• 15+ years of experience in GRC, risk management, or information security
• 10+ years in a leadership or management role
• Strong knowledge of frameworks such as NIST, ISO 27001, SOC 2

Preferred Qualifications

• Professional certifications such as:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
• Experience with GRC tools 

Candidates with qualifications exceeding the minimum job requirements will be considered for higher-level positions based on their experience, additional job requirements, and current business needs. Depending on their education, experience, and skill level, candidates may be eligible for a range of job opportunities, including IT Director.

World Class Benefits:

Role Overview

We are seeking an experienced and strategic Senior Manager – Global Governance, Risk & Compliance (GRC) to lead and mature our Governance, Risk, and Compliance program. This role will be responsible for establishing policies, managing enterprise risk, ensuring regulatory compliance, and aligning security initiatives with business objectives. The ideal candidate brings strong leadership, deep regulatory knowledge, and hands-on experience building scalable GRC frameworks. The role reports to the Deputy CISO.

Job Duties

Governance & Strategy

• Develop and maintain enterprise-wide GRC strategy, policies, and standards
• Align security governance with business goals and risk appetite
• Lead internal governance committees and reporting to senior leadership

Risk Management

• Oversee enterprise risk assessments (cyber, operational, third-party)
• Define and maintain risk registers and mitigation plans
• Implement and manage risk frameworks (e.g., NIST, ISO 27001)

Compliance & Regulatory

• Ensure compliance with applicable regulations and standards (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA as applicable)
• Manage internal and external audits
• Maintain documentation and evidence for audits and certifications

Third-Party Risk Management

• Develop and manage vendor risk assessment programs
• Evaluate supplier security posture and contractual obligations

Security Awareness & Training

• Lead organization-wide security awareness initiatives
• Promote a culture of risk awareness and compliance

Leadership & Stakeholder Management

• Lead and mentor GRC team members
• Collaborate with IT, Legal, HR, and business units
• Communicate risk posture to executive leadership and board-level stakeholders

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field
• 15+ years of experience in GRC, risk management, or information security
• 10+ years in a leadership or management role
• Strong knowledge of frameworks such as NIST, ISO 27001, SOC 2

Preferred Qualifications

• Professional certifications such as:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
• Experience with GRC tools 

Candidates with qualifications exceeding the minimum job requirements will be considered for higher-level positions based on their experience, additional job requirements, and current business needs. Depending on their education, experience, and skill level, candidates may be eligible for a range of job opportunities, including IT Director.

World Class Benefits:

Role Overview

We are seeking an experienced and strategic Senior Manager – Global Governance, Risk & Compliance (GRC) to lead and mature our Governance, Risk, and Compliance program. This role will be responsible for establishing policies, managing enterprise risk, ensuring regulatory compliance, and aligning security initiatives with business objectives. The ideal candidate brings strong leadership, deep regulatory knowledge, and hands-on experience building scalable GRC frameworks. The role reports to the Deputy CISO.

Job Duties

Governance & Strategy

• Develop and maintain enterprise-wide GRC strategy, policies, and standards
• Align security governance with business goals and risk appetite
• Lead internal governance committees and reporting to senior leadership

Risk Management

• Oversee enterprise risk assessments (cyber, operational, third-party)
• Define and maintain risk registers and mitigation plans
• Implement and manage risk frameworks (e.g., NIST, ISO 27001)

Compliance & Regulatory

• Ensure compliance with applicable regulations and standards (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA as applicable)
• Manage internal and external audits
• Maintain documentation and evidence for audits and certifications

Third-Party Risk Management

• Develop and manage vendor risk assessment programs
• Evaluate supplier security posture and contractual obligations

Security Awareness & Training

• Lead organization-wide security awareness initiatives
• Promote a culture of risk awareness and compliance

Leadership & Stakeholder Management

• Lead and mentor GRC team members
• Collaborate with IT, Legal, HR, and business units
• Communicate risk posture to executive leadership and board-level stakeholders

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field
• 15+ years of experience in GRC, risk management, or information security
• 10+ years in a leadership or management role
• Strong knowledge of frameworks such as NIST, ISO 27001, SOC 2

Preferred Qualifications

• Professional certifications such as:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
• Experience with GRC tools 

Candidates with qualifications exceeding the minimum job requirements will be considered for higher-level positions based on their experience, additional job requirements, and current business needs. Depending on their education, experience, and skill level, candidates may be eligible for a range of job opportunities, including IT Director.

World Class Benefits:

Role Overview

We are seeking an experienced and strategic Senior Manager – Global Governance, Risk & Compliance (GRC) to lead and mature our Governance, Risk, and Compliance program. This role will be responsible for establishing policies, managing enterprise risk, ensuring regulatory compliance, and aligning security initiatives with business objectives. The ideal candidate brings strong leadership, deep regulatory knowledge, and hands-on experience building scalable GRC frameworks. The role reports to the Deputy CISO.

Job Duties

Governance & Strategy

• Develop and maintain enterprise-wide GRC strategy, policies, and standards
• Align security governance with business goals and risk appetite
• Lead internal governance committees and reporting to senior leadership

Risk Management

• Oversee enterprise risk assessments (cyber, operational, third-party)
• Define and maintain risk registers and mitigation plans
• Implement and manage risk frameworks (e.g., NIST, ISO 27001)

Compliance & Regulatory

• Ensure compliance with applicable regulations and standards (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA as applicable)
• Manage internal and external audits
• Maintain documentation and evidence for audits and certifications

Third-Party Risk Management

• Develop and manage vendor risk assessment programs
• Evaluate supplier security posture and contractual obligations

Security Awareness & Training

• Lead organization-wide security awareness initiatives
• Promote a culture of risk awareness and compliance

Leadership & Stakeholder Management

• Lead and mentor GRC team members
• Collaborate with IT, Legal, HR, and business units
• Communicate risk posture to executive leadership and board-level stakeholders

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field
• 15+ years of experience in GRC, risk management, or information security
• 10+ years in a leadership or management role
• Strong knowledge of frameworks such as NIST, ISO 27001, SOC 2

Preferred Qualifications

• Professional certifications such as:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
• Experience with GRC tools 

Candidates with qualifications exceeding the minimum job requirements will be considered for higher-level positions based on their experience, additional job requirements, and current business needs. Depending on their education, experience, and skill level, candidates may be eligible for a range of job opportunities, including IT Director.

World Class Benefits: