Job Description:
Overview
We are seeking a GRC Program Manager to partner closely with ServiceNow Delivery Operations and CMDB teams to enable the successful implementation and ongoing transformation of ServiceNow and the CMDB. This role will embed risk management and governance by design into delivery, helping ensure the platform, data, processes, and operating model meet regulatory expectations, internal standards, and audit requirements while supporting speed and quality of execution.
Responsibilities
Partner with ServiceNow Delivery Operations and CMDB stakeholders to integrate risk management into the platform implementation and continuous improvement roadmap.
Establish and drive a governance-by-design approach for ServiceNow and CMDB (controls, standards, approvals, and guardrails built into delivery processes).
Perform risk assessments for ServiceNow/CMDB initiatives (scope changes, integrations, data migration, releases), documenting risks, mitigations, owners, and dates to closure.
Define and facilitate governance forums (steering/working groups) to review risk posture, key decisions, exception requests, and delivery readiness.
Build and maintain a risk register for the ServiceNow/CMDB program, including dependencies, key control gaps, and remediation plans.
Support development of strong CMDB risk practices, including data quality controls, lifecycle governance, ownership (RACI), and critical configuration item (CI) standards.
Assess and monitor risks across key areas such as: access management, segregation of duties, change/release management, SDLC controls, data integrity, resiliency/DR, vendor risk, and interface/integration controls.
Create clear executive reporting (KRIs/KPIs) for platform and data risk: data completeness/accuracy, reconciliation outcomes, stale/aging CIs, unauthorized changes, control exceptions, overdue remediation items.
Coordinate with Cybersecurity, IT Risk, Compliance, and Audit (1LoD/2LoD alignment) to ensure requirements are understood and evidenced without slowing delivery.
Support audit and exam readiness for ServiceNow/CMDB by maintaining traceable documentation, decisions, and evidence of control execution.
Help mature operating procedures and playbooks for ongoing transformation (release gates, risk acceptance, exception management, control testing cadence).
Success Measures
Measurable reduction in high/critical risks and aging remediation items tied to ServiceNow/CMDB delivery.
Improved CMDB data quality (completeness, accuracy, timeliness) and reduced unauthorized/incorrect CI changes.
Consistent execution of delivery governance (controls embedded in intake, release, and operational processes).
Improved audit/exam outcomes through strong evidence, clear decisioning, and sustained control operation.
Higher stakeholder confidence and transparency through actionable, timely risk reporting.