GRC Manager - Security Governance

Salary: $179,000-$194,000

Role Overview

We are seeking a strategic and handson GRC Manager to lead key functions within our Security Governance program. In this role, you will oversee policy management, compliance operations, vendor risk, security awareness initiatives, and broader governance activities. You ll guide a highperforming team, partner with technical and business leaders, and drive continuous improvements that strengthen the organization s security posture.

Key Responsibilities

Program Strategy & Leadership

• Define and deliver the GRC roadmap, ensuring clear objectives, measurable outcomes, and crossfunctional accountability.
• Report on program performance, risk trends, and compliance status to senior stakeholders.

Policy, Standards & Governance

• Develop, update, and manage security policies and standards.
• Review exception requests and ensure consistent enforcement across the organization.
• Monitor regulatory and industry changes, translating them into actionable guidance for leadership.

Awareness & Training

• Lead security awareness initiatives, including phishing simulations and training content development.
• Measure and improve program effectiveness through metrics and feedback loops.

Compliance & Vendor Risk Management

• Coordinate and support SOC 2, ISO 27001, and clientdriven assessments.
• Manage thirdparty risk evaluations and ensure appropriate remediation and documentation.

Risk & Controls Oversight

• Maintain enterprise risk registers, track mitigation efforts, and guide issue resolution.
• Lead internal control testing activities and partner with technical teams on corrective action plans.

Qualifications

Education & Certifications

• Bachelor s degree preferred.
• Security certifications strongly preferred (e.g., CISSP, CISM, CISA).

Experience

• 7+ years in information security or GRC roles, including 4+ years in leadership or handson program ownership.
• Demonstrated experience running GRC programs, managing assessments, and overseeing technical control testing.

Skills & Expertise

• Strong knowledge of frameworks such as ISO 27001, NIST, and SOC 2.
• Ability to translate complex technical concepts for diverse audiences and act as a trusted advisor.
• Excellent writing skills for policy, training content, and technical documentation.
• Familiarity with GRC platforms, IAM, SIEM, encryption, vulnerability management, and analytics tools (e.g., Power BI, Tableau).
• Comfortable interacting with clients, handling inquiries, and supporting audit or assessment engagements.