Senior Manager – Cybersecurity & Governance, Risk & Compliance (GRC)
Position Summary
We are seeking an experienced Senior Manager, Cybersecurity & Governance, Risk & Compliance (GRC) to lead and mature our enterprise cybersecurity governance, risk management, compliance, and security assurance programs.
Key Responsibilities
Lead the enterprise cybersecurity governance framework, including policies, standards, controls, and procedures.
Drive cybersecurity strategy and roadmap initiatives aligned with business goals and risk tolerance.
Provide leadership with visibility into cybersecurity posture, risks, compliance status, and program effectiveness.
Lead governance committees and facilitate cross-functional cybersecurity initiatives.
Conduct enterprise cybersecurity risk assessments and oversee risk treatment activities.
Evaluate emerging threats, vulnerabilities, and business impacts.
Lead security reviews for new technologies, projects, and strategic initiatives.
Manage cybersecurity compliance programs aligned with frameworks and regulations.
Coordinate internal and external audits and oversee remediation of audit findings.
Ensure security controls, documentation, and evidence repositories support ongoing compliance requirements.
Monitor and report compliance performance and remediation progress.
Partner with Security Operations teams and external providers to strengthen monitoring, threat detection, incident response, and vulnerability management programs.
Review significant cybersecurity incidents, root cause analyses, and corrective action plans.
Participate in incident response exercises, tabletop simulations, and post-incident reviews.
Drive continuous improvement of security controls, detection capabilities, and response processes.
Monitor security metrics, KPIs, KRIs, and operational reporting.
Manage relationships with MDR, MSSP, SOC-as-a-Service, and other cybersecurity service providers.
Review vendor assessments, SOC reports, penetration test results, and compliance documentation.
Ensure third-party providers meet security, compliance, and contractual obligations.
Lead vendor risk remediation and ongoing security performance reviews.
Lead and mentor cybersecurity governance, risk, and compliance professionals.
Partner with IT, Security, Legal, Privacy, HR, Audit, and business leaders to address cybersecurity risks and compliance requirements.
Present cybersecurity risks, compliance status, audit results, and strategic recommendations to senior leadership and governance committees.
Required Qualifications
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
12+ years of experience in cybersecurity, information security, risk management, compliance, audit, or security operations.
3+ years of leadership or people management experience.
Experience supporting or partnering with Security Operations (SOC) teams and incident response programs.
Strong knowledge of cybersecurity frameworks, governance models, and risk management methodologies.
Experience leading compliance initiatives, audits, and remediation programs.
Experience managing third-party security assessments and vendor risk programs.
Strong executive communication, stakeholder management, and presentation skills.
Preferred Qualifications
Experience with Microsoft security and compliance technologies, including Microsoft Purview and Microsoft Sentinel.
Experience working with SIEM, SOAR, EDR, MDR, vulnerability management, and GRC platforms.
Experience within regulated or compliance-driven industries.
Master's degree in a related discipline.
Pay
The base salary range for this role is $133,200 to $199,800. This base salary range represents the low and high end of the base salary range for this position. Actual base salary offered will vary based on various factors including but not limited to location, level, job-related knowledge, skills, experience, and performance.