Project Manager / Scrum Master - Governance, Risk Management, and Compliance (GRC)

Key Responsibilities

• Oversee planning, coordination, and delivery of all GRC initiatives across workstreams (Cybersecurity, IT, and Business Units).
• Drive project cadence, facilitate Agile ceremonies, and ensure consistent progress reporting to leadership.
• Maintain a unified view of dependencies, deliverables, and milestones across global teams.

• Support and manage certification efforts (e.g., ISO 27001, TX-RAMP) including readiness assessments, audits, and evidence collection.
• Coordinate ongoing maturity of the enterprise Information Security Management System (ISMS) program.
• Conduct gap assessments, track remediation plans, and sustain certification requirements and reporting cadence.

• Manage enterprise-level NIST CSF maturity assessments across global business units.
• Lead subsequent compliance reviews against internal security policies and standards.
• Consolidate findings into actionable reports and partner with teams to implement improvements.

• Enhance and operationalize the organization s risk management framework, integrating risk identification, assessment, mitigation, and closure.
• Expand and maintain the enterprise risk register, ensuring accurate tracking of risk impact, likelihood, financial exposure, and remediation status.
• Partner with stakeholders to mature risk quantification models supporting informed risk reduction or acceptance decisions.

• Replace manual metrics processes with automated, value-driven reporting dashboards.
• Develop and maintain a metrics library mapped to NIST CSF categories and key enterprise risks.
• Drive visibility into program performance, risk reduction, and audit readiness through clear, concise reporting.

• Advance the third-party risk management (TPRM) process through automation, improved partner risk identification, and streamlined assessments.
• Support Sarbanes-Oxley (SOX) control management improving documentation, testing, remediation tracking, and stakeholder communication.

Qualifications

• Bachelor s degree in information systems, Cybersecurity, or Business Administration (master s degree preferred).
• 10+ years of project or program management experience within cybersecurity, risk, or compliance domains.
• Demonstrated success in coordinating cross-functional GRC initiatives and managing certification efforts (ISO 27001, TX-RAMP, SOC 2, etc.).
• Experience leading NIST CSF or SOX maturity/compliance assessments.
• Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC, or OneTrust).
• Certified Scrum Master (CSM, PSM, or equivalent) required; PMP, CISSP, or CRISC a plus.
• Strong analytical, facilitation, and executive reporting skills.
• Prior experience in the power, energy, or utilities industry strongly preferred.

Idea candidate will bring

• Proven ability to connect governance frameworks to operational realities.
• A disciplined yet flexible mindset to balance Agile delivery and compliance rigor.
• Excellent communication and influencing skills to drive collaboration across Cyber, IT, and business lines.
• A passion for building sustainable, measurable, and auditable GRC capabilities.
• Experience in collaborating with international teams across time zones.
• Willingness to travel domestically and internationally.