Senior Manager, Information Security GRC

Greystar Worldwide, LLC
$120K — $150K *
US-Anywhere
+ 2 other locations
Remote
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent work experience.
  • Eight or more years of progressive experience in information security, with at least four years focused on GRC, risk, audit, or compliance.
  • Two or more years of direct people-management experience leading security, risk, or compliance teams.
  • Demonstrated experience building, operating, and maturing an enterprise risk management program.
  • Strong working knowledge of security frameworks and standards including ISO 27001, SOC 2, NIST 800-53, and GDPR.

Responsibilities

  • Own the GRC program roadmap and strategy, setting priorities and objectives.
  • Build and lead the GRC function while directing third-party partners.
  • Advise senior leadership on enterprise security risk posture and regulatory exposure.
  • Own the information security policy framework and its enforcement across global locations.
  • Lead the enterprise information security risk management program, including risk assessments and risk treatment planning.

Benefits

  • Competitive Medical, Dental, Vision, and Disability & Life insurance benefits.
  • Generous Paid Time off, including 15 days of vacation and 11 paid holidays.
  • 6-Week Paid Sabbatical after 10 years of service.
  • 401(k) with Company Match up to 6% of pay after 6 months of service.
  • Paid Parental Leave and reimbursement for fertility benefits up to $10,000.
Full Job Description

JOB DESCRIPTION SUMMARY

The Senior Manager, Information Security GRC owns the strategy, execution, and continuous improvement of Greystar’s Global Information Security Governance, Risk, and Compliance program. This role builds and leads the GRC function - developing internal team capability and directing third-party partners - and is accountable for the frameworks, processes, and reporting that govern security risk, regulatory compliance, third-party risk, and security awareness across the enterprise. The Senior Manager sets the GRC program roadmap, advises senior leadership on the organization’s risk posture, and partners across the business to preserve the availability, integrity, and confidentiality of Greystar and customer information in compliance with applicable information security laws, policies, and standards. Reports to the Information Security Officer (or CISO).

JOB DESCRIPTION

Leadership and Strategy
  • Own the GRC program roadmap and strategy, setting priorities, objectives, and maturity goals aligned with business and security objectives.
  • Build and lead the GRC function, growing internal team capability while directing third-party partners to deliver against program objectives.
  • Advise the Information Security Officer and senior leadership on enterprise security risk posture, emerging threats, and regulatory exposure.
  • Establish and report program metrics, dashboards, and KPIs that communicate GRC program health to senior leadership and the board.
Governance and Compliance
  • Own the information security policy framework, including development, approval, enforcement, and periodic review of policies, standards, and procedures for global locations.
  • Direct the monitoring of changes in laws, regulations, and industry standards affecting information security (e.g., NIST, ISO 27001, PCI DSS, SOX, GDPR, CCPA), and oversee translation of those changes into actionable business requirements.
  • Oversee compliance assessments and maintain the organization’s compliance posture across applicable frameworks and regulations.
  • Build and mature AI governance practices, applying emerging frameworks such as ISO 42001 and the NIST AI RMF.
Risk Management
  • Lead the enterprise information security risk management program, including risk assessments across business units, applications, infrastructure, and processes; the risk register; and risk treatment planning.
  • Drive remediation of identified risks, partnering with control owners and holding the program accountable for closure.
  • Own the third-party risk management program, including pre-contract security due diligence, recurring vendor risk reviews, the vendor risk inventory, and remediation tracking.
Audit and Controls
  • Oversee responses to client, regulator, and internal audit requests, including security questionnaires (SIG, CAIQ), evidence collection, and findings remediation.
  • Direct periodic audits of internal control systems to ensure access levels, segregation of duties, and configuration baselines remain appropriate, and lead the response to audit findings requiring action.
  • Oversee periodic user access and privileged access reviews across in-scope systems and applications, ensuring timely remediation of inappropriate or excessive access.
  • Partner with Legal, Privacy, and other stakeholders on Electronically Stored Information (ESI) requests, including identification, preservation, collection, and chain-of-custody documentation in support of legal holds, investigations, and regulatory inquiries.
Awareness and Platform
  • Own the enterprise security awareness program, including training curricula and ongoing awareness communications that promote secure behavior across the organization.
  • Oversee the phishing simulation program, including campaign strategy, results analysis, and remediation training.
  • Direct administration and enhancement of the enterprise GRC platform, including workflow configuration, control library maintenance, reporting, and user support.
Qualifications
  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent work experience.
  • Eight or more years of progressive experience in information security, with at least four years focused on GRC, risk, audit, or compliance.
  • Two or more years of direct people-management experience leading security, risk, or compliance teams.
  • Demonstrated experience building, operating, and maturing an enterprise risk management program, including risk assessments, risk registers, and risk treatment planning.
  • Demonstrated experience owning a third-party risk management program, including vendor security assessments and due diligence.
  • Strong working knowledge of security frameworks and standards including ISO 27001, SOC 2, NIST 800-53, and GDPR.
  • Familiarity with cloud environments (AWS, GCP, Azure) and their risk and compliance implications.
  • Familiarity with AI governance concepts and emerging frameworks (ISO 42001, NIST AI RMF), or a demonstrated ability to learn and apply new frameworks quickly.
  • Strong analytical and problem-solving skills with the ability to translate technical risk into clear business language for executive audiences.
  • Demonstrated ability to lead multiple priorities, drive issues to closure, and operate with significant autonomy.
  • Proven ability to influence partners across IT, Engineering, Legal, Privacy, Internal Audit, and the business.
  • Industry certifications such as CRISC, CISA, CISSP, CISM, or CCSK strongly preferred.
  • Experience with GRC platforms such as Hyperproof, OneTrust, Archer, or similar.

Experience with security awareness traini

Additional Compensation:

Many factors go into determining employee pay within the posted range including business requirements, prior experience, current skills and geographical location.

  • Corporate Positions: In addition to the base salary, this role may be eligible to participate in a quarterly or annual bonus program based on individual and company performance.

  • Onsite Property Positions: In addition to the base salary, this role may be eligible to participate in weekly, monthly, and/or quarterly bonus programs.

Robust Benefits Offered*:

  • Competitive Medical, Dental, Vision, and Disability & Life insurance benefits. Low (free basic) employee Medical costs for employee-only coverage; costs discounted after 3 and 5 years of service.

  • Generous Paid Time off. All new hires start with 15 days of vacation, 4 personal days, 10 sick days, and 11 paid holidays. Plus your birthday off after 1 year of service! Additional vacation accrued with tenure.

  • For onsite team members, onsite housing discounts at Greystar-managed communities are available, subject to discount and unit availability.

  • 6-Week Paid Sabbatical after 10 years of service (and every 5 years thereafter).

  • 401(k) with Company Match up to 6% of pay after 6 months of service.

  • Paid Parental Leave and lifetime Fertility Benefit reimbursement up to $10,000 (includes adoption or surrogacy).

  • Employee Assistance Program.

  • Critical Illness, Accident, Hospital Indemnity, Pet Insurance and Legal Plans.

  • Charitable giving program and benefits.

*Benefits offered for full-time employees. For Union and Prevailing Wage roles, compensation and benefits may vary from the listed information above due to Collective Bargaining Agreements and/or local governing authority.

About Greystar Worldwide, LLC

Greystar Worldwide, LLC Careers

Joining Greystar Worldwide, LLC presents an unparalleled opportunity to become part of a leading team of professionals dedicated to pioneering innovations in the global marketplace. Greystar Worldwide, LLC stands as a beacon of career growth and professional development, offering a plethora of job opportunities across various sectors.

Explore Career Opportunities

Greystar Worldwide, LLC invites talented individuals to explore its diverse range of job opportunities. From internships that provide a solid foundation for future leaders to full-time positions that challenge and expand professional skills, Greystar Worldwide, LLC is a hub for career advancement.

Innovation and Leadership

At Greystar Worldwide, LLC, innovation intersects with leadership, driving the company to new heights in industry standards and operational excellence. Employees are encouraged to lead projects that set benchmarks in technology and service, fostering a culture of continuous improvement and creative problem-solving.

Diversity and Inclusion

With a commitment to diversity and inclusion, Greystar Worldwide, LLC ensures that all team members receive diversity training, promoting an environment where everyone’s contributions are valued. This approach not only enhances team dynamics but also contributes to the company’s robust problem-solving capabilities.

Professional Growth and Development

Career growth at Greystar Worldwide, LLC is not just a possibility—it is a priority. The company supports its employees with unmatched training programs, leadership development courses, and opportunities for networking and professional growth. This commitment ensures that every team member can reach their full potential.

Benefits and Culture

Greystar Worldwide, LLC is renowned for its vibrant culture and comprehensive benefits package designed to support the well-being and financial security of every team member. Employment at Greystar Worldwide, LLC means access to health benefits, retirement plans, and wellness programs that together create a supportive and positive workplace.

Join the Greystar Worldwide, LLC Team

Greystar Worldwide, LLC is actively hiring and looking for individuals who are passionate, curious, and driven to excel. Candidates interested in applying are encouraged to submit their resume and prepare for an interview process that values insight, experience, and a readiness to contribute to a dynamic team.

Stay Connected with Greystar Worldwide, LLC Careers

Stay informed about the latest in career opportunities and company news by subscribing to Greystar Worldwide, LLC job alerts and reading the careers blog. Personalize the subscription to receive updates that match specific career interests and skills.

Greystar Worldwide, LLC is not just a company—it is a place where careers are made, skills are honed, and professional achievements are recognized and celebrated. Join Greystar Worldwide, LLC to be part of a team that is shaping the future through innovation, leadership, and a commitment to excellence.