Job SummaryThe ServiceNow GRC (IRM) & SecOps Product Manager is responsible for defining and driving the strategy, roadmap, governance, and adoption of ServiceNow Integrated Risk Management (IRM/GRC) and Security Operations (SecOps) capabilities. This role partners across Security, Risk, Compliance, Audit, and IT teams to deliver scalable solutions that improve risk visibility, regulatory compliance, vulnerability management, and overall cyber resilience.
Role Description- Own and manage the ServiceNow IRM/GRC and SecOps product roadmap, ensuring alignment with the enterprise risk and security strategy.
- Drive adoption and maturity of key capabilities, including:
- Policy & Compliance
- Risk Management
- Audit Management
- Business Continuity Management (BCM)
- Third-Party Risk Management (TPRM)
- Vulnerability Response
- Security Incident Response
- Threat Intelligence
- Partner with Security, GRC, Audit, IT Operations, and Platform teams to define requirements and prioritize enhancements.
- Lead governance forums, stakeholder workshops, and executive reviews.
- Translate business and regulatory requirements into user stories and product backlog items.
- Ensure integration across CMDB, vulnerability tools, threat intelligence platforms, and third-party systems.
- Drive process standardization, automation, and continuous improvement across risk and security workflows.
- Define and monitor KPIs related to compliance, risk reduction, security response, and remediation SLAs.
- Develop dashboards and reporting to provide leadership visibility and support audit transparency.
- Promote adoption of advanced capabilities, including AI-driven risk scoring, automation, and continuous control monitoring.
Behaviors and Competencies- Business Acumen: Can analyze financial and operational data to make informed decisions.
- Communication: Can effectively communicate complex ideas and information, and can adapt communication style to the audience.
- Follow-Through: Can manage multiple tasks, prioritize effectively, and meet deadlines without needing explicit reminders.
- Organization: Can prioritize daily tasks, manage personal workflow, and utilize basic tools to keep track of responsibilities.
- Detail-Oriented: Can identify errors or inconsistencies in work and make necessary corrections.
- Data Analysis: Can identify patterns and trends in data, propose hypotheses, and use statistical techniques to test them
- Problem-Solving: Can identify problems, propose solutions, and take action to resolve them without explicit instructions.
- Multi-Tasking: Can identify opportunities for task optimization, propose solutions, and manage multiple tasks without explicit instructions.
- Strategic Thinking: Can contribute to the development of strategic plans and initiatives.
- Willingness to Learn: Can actively seek out learning opportunities but may need guidance to apply new knowledge or skills effectively.
- Time Management: Can generally use time effectively and is working towards improving task prioritization and deadline management.
Skill Level Requirements- Strong understanding of risk frameworks and security operations processes.
- Proven ability to manage cross-functional stakeholders and communicate effectively with executive leadership.
- Strategic, outcome-driven mindset with a focus on delivering measurable business value.
- Strong stakeholder management and communication skills.
- Governance and compliance-oriented approach.
- Data-driven decision-making capabilities.
- Ability to balance security, risk, and business priorities.
Other Requirements- Completed Bachelor's Degree or relevant work experience required
- 8+ years of experience in risk management, compliance, cybersecurity, or security operations.
- 3+ years of experience with ServiceNow IRM/GRC and/or SecOps product ownership or product management.
- Experience leading enterprise-scale ServiceNow or GRC/SecOps transformation initiatives.
- Ability to travel to SHI, Partner, and Customer Events
- Ability to travel 25%
Preferred- ServiceNow certifications such as: CIS-IRM, CIS-SecOps, CSA
- Experience with CMDB, vulnerability management tools, SIEM platforms, and TPRM solutions.
- Familiarity with regulatory frameworks such as SOX, ISO, NIST, GDPR, or HIPAA.
- Exposure to AI/GenAI capabilities within risk and security operations.
The estimated annual pay range for this position is $150,000 - $180,000 which includes a [compensation structure]. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
