Our client is seeking a Manager, IT Governance, Risk & Compliance who will be responsible for governance, risk management, compliance, and cybersecurity awareness initiatives across the organization. You'll manage the Risk Register, Vulnerability Management, and Audit and Reporting programs and collaborate closely with the Security Operations Center (SOC) team to incorporate threat intelligence and incident response insights into governance, risk, and compliance strategies. Additionally, you will work with cross-functional teams to align security governance with business objectives and foster a security-conscious culture through awareness and training.
Responsibilities:
- Develop and maintain governance frameworks, policies, and standards aligned with NIST, ISO 27001, and other frameworks, ensuring alignment of security initiatives with business goals and enterprise architecture frameworks.
- Lead the Risk Register program, ensuring risks are identified, assessed, tracked, and mitigated effectively, and collaborate with the SOC team to incorporate incident response findings and threat intelligence into governance and risk management programs.
- Oversee the Vulnerability Management program, managing the identification, prioritization, and remediation of vulnerabilities and leveraging insights from the SOC team, and establish KPIs to measure the effectiveness of governance, risk, and compliance initiatives and continuously improve GRC processes.
- Coordinate security audits and compliance programs, performing internal and external audits and working to resolve findings promptly, and represent IT in FedRAMP certification efforts, collaborating with Product Development to ensure compliance.
- Develop and manage security awareness and training programs to promote a risk-aware culture across the organization, and provide executive-level reporting on risks, vulnerabilities, and compliance to senior leadership.
This hybrid role is based in Chicago NW Suburb (3 days per week onsite).
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 7 years of experience in IT governance, risk management, or security program management.
- Proven experience managing risk registers, vulnerability management, and security audits.
- Strong knowledge of ISO 27001, NIST, and SOC 2 frameworks.
- Familiarity with FedRAMP or similar compliance frameworks preferred.
- Experience with hybrid IT environments (on-premises, AWS, Azure) and cloud security platforms.
- Expertise with vulnerability management tools (e.g., Tenable, Qualys, Wiz, Microsoft Defender).
- Proficiency in modern patch management tools (e.g., Intune, SCCM, Jamf).
- Strong interpersonal and collaboration skills, with the ability to influence senior stakeholders.
- Experience working with auditors and managing outsourced security services.
- Ability to work effectively under pressure and manage competing priorities.
- Collaborative mindset, with experience working with SOC teams or similar to enhance risk management.
- A results-oriented mindset, with a passion for efficiency, innovation, and continuous improvement.
- CRISC or CISM certification preferred.
Salary: $170,000 - $180,000 per year
Benefits: Medical Insurance, PTO, 401(k) and more