The
Senior Manager, Security GRC drives the enterprise security governance framework, shaping risk posture, compliance strategy, and policy architecture across global operations. Serving as the primary cyber risk advisor to the CISO and executive leadership, you will translate regulatory requirements and board-level risk appetite into actionable, enterprise-wide programs.
What you will do:Strategy & Governance Management- Own the enterprise GRC strategy and program roadmap aligned to business objectives and risk appetite.
- Establish and enforce security policies, standards, and the exceptions management process.
- Build and develop a high-performing GRC team while partnering with Legal, Internal Audit, and business unit leaders.
Risk Reporting & Compliance- Govern regulatory compliance across NIST CSF, ISO 27001, SOX, GDPR, and CMMC, while managing audit relationships.
- Lead cyber risk reporting to the CISO, Board, and executive stakeholders, and define risk quantification methods.
Supply Chain & Resilience- Lead Cyber-Supply Chain Risk Management and third-party security assessment programs.
- Oversee Business Continuity Planning integration with cybersecurity resilience and drive the Training & Awareness strategy.
Tools & Technologies:- Frameworks: Mastery of NIST CSF, NIST RMF, ISO 27001, and ISO 31000.
- Regulations: Expertise in SOX ITGC, GDPR, CMMC, and cross-jurisdictional regulatory compliance.
- Methodologies: Advanced understanding of third-party risk, supply chain security, and business continuity methodologies.
What you bring:- Experience: 12+ years in cybersecurity with 5+ years leading enterprise GRC programs in complex, global organizations.
- Certification: CISSP or CISM is required; CRISC or CGEIT is highly preferred.
- Executive Advisory: Exceptional skills with a proven ability to translate complex cyber risk into board-level narratives.
- Leadership: Demonstrated ability to build and lead high-performing teams in a transformation or build-out context.
