Cybersecurity Governance, Risk and Compliance (GRC) Program Manager

Job Title: Cybersecurity Governance, Risk and Compliance (GRC) Program Manager

Location: San Jose, CA (Onsite)

Duration: 6+ months contract

Description:

As a senior member of our cybersecurity team, you will play a critical role in ensuring the organization's alignment with regulatory requirements, industry standards, and internal policies. You will lead and manage various cybersecurity projects and initiatives, drive process improvements, and collaborate with key stakeholders to maintain a robust cybersecurity posture.

Key Responsibilities:

• Project Management:

o Assist in planning, executing, and delivering cybersecurity projects and initiatives

o Manage project timelines, resources, and budgets to ensure successful project delivery

• Governance & Compliance:

o Coordinate with teams to maintain regulatory compliance with industry standards (e.g., SOC2, NIST 800-171, ISO 27001, NIST 800-53)

o Develop and distribute information security reports to stakeholders

• User Access Reviews:

o Collaborate with stakeholders to perform quarterly user access reviews and monthly user activities

o Ensure timely completion and accurate documentation of user access reviews

• Subject Matter Expertise:

o Develop and manage the Compliance Program

o Coordinate Audit Evidence Gathering

o Oversee User Access Reviews

o Develop Policies and Processes

o Manage Change Management Processes

o Conduct Risk Assessments and Mitigation

• Third-Party Risk Management:

o Own and maintain Third-Party Risk Management evaluation practices to ensure effective risk management

• Policy Management:

o Maintain and update information security policies to ensure alignment with industry standards

o Create and maintain operating procedures to support policy implementation

Additional Responsibilities:

• Schedule meetings with stakeholders as needed.
• Provide regular project status updates.
• Assist in collecting evidence for audits compliance reviews.
• Follow up on outstanding items ensure timely resolution.

Requirements:

To be considered for this role you must have:

• Minimum 8 years experience in managing Cybersecurity compliance programs from start-to-finish.
• Proficiency industry-standard compliance programs (e.g., ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, FedRAMP, SOC 2).
• Demonstrated ability prioritizing tasks within fast-paced evolving environment.
• Strong analytical thinking verbal written communication skills.
• Excellent interpersonal skills ability work effectively others as team.
• Ability work independently effectively managing prioritizing multiple tasks.
• Strong understanding IT security concepts emphasis Security Risk Assessment.
• Relevant professional certifications such as PMP, CISSP, CISM, CISA.

Preferred Qualifications:

• Exceptional verbal and written communication skills, tailored for both technical and non-technical audiences