GRC Manager

Overview: GRC Manager - Security Governance Salary: $179,000-$194,000 Role Overview We are seeking a strategic and hands-on GRC Manager to lead key functions within our Security Governance program. In this role, you will oversee policy management, compliance operations, vendor risk, security awareness initiatives, and broader governance activities. You'll guide a high-performing team, partner with technical and business leaders, and drive continuous improvements that strengthen the organization's security posture.

Key Responsibilities Program Strategy & Leadership Define and deliver the GRC roadmap, ensuring clear objectives, measurable outcomes, and cross-functional accountability. Report on program performance, risk trends, and compliance status to senior stakeholders. Policy, Standards & Governance Develop, update, and manage security policies and standards.

Review exception requests and ensure consistent enforcement across the organization. Monitor regulatory and industry changes, translating them into actionable guidance for leadership. Awareness & Training Lead security awareness initiatives, including phishing simulations and training content development.

Measure and improve program effectiveness through metrics and feedback loops. Compliance & Vendor Risk Management Coordinate and support SOC 2, ISO 27001, and client-driven assessments. Manage third-party risk evaluations and ensure appropriate remediation and documentation.

Risk & Controls Oversight Maintain enterprise risk registers, track mitigation efforts, and guide issue resolution. Lead internal control testing activities and partner with technical teams on corrective action plans. Qualifications Education & Certifications Bachelor's degree preferred.

Security certifications strongly preferred (e.g., CISSP , CISM , CISA ). Experience 7+ years in information security or GRC roles, including 4+ years in leadership or hands-on program ownership. Demonstrated experience running GRC programs, managing assessments, and overseeing technical control testing.

Skills & Expertise Strong knowledge of frameworks such as ISO 27001 , NIST , and SOC 2 . Ability to translate complex technical concepts for diverse audiences and act as a trusted advisor. Excellent writing skills for policy, training content, and technical documentation.

Familiarity with GRC platforms, IAM, SIEM, encryption, vulnerability management, and analytics tools (e.g., Power BI, Tableau). Comfortable interacting with clients, handling inquiries, and supporting audit or assessment engagements.