Sr. Manager, GRC
Avnet · Chandler, AZ · 2 mo ago
ManagementFull-time
Cybersecurity Senior Manager
The Cybersecurity Senior Manager plays a critical leadership role within the enterprise cybersecurity organization, overseeing governance, risk, and compliance (GRC) functions across a complex, global environment. This role is accountable for ensuring cybersecurity risks are identified, assessed, managed, and reported in alignment with business objectives, regulatory requirements, and the organization’s risk appetite.
- Design, implement, and maintain continuous control monitoring processes to validate the effectiveness of cybersecurity and IT controls on an ongoing basis.
- Translate regulatory and compliance requirements into practical, scalable control expectations aligned to enterprise architecture and operational realities.
- Proactively identify compliance gaps, assess risk, and drive remediation plans in partnership with control owners.
- Periodically assess against NIST CSF and other cybersecurity frameworks.
Audit Liaison Management:
- Own and manage the Audit Liaison function for cybersecurity and IT risk, serving as the primary interface between the company and external auditors, assessors, and regulators.
- Support control owners by raising awareness of compliance requirements, assisting with controls design, and serving as primary interface between Global Audit and audited IT teams.
- Support Global Audit and external auditors in audit planning, evidence collection, walkthroughs, and issue response across global teams.
- Ensure audit findings are clearly understood, risk-ranked, and translated into actionable remediation plans with accountable owners and timelines.
- Track and report status of remediation action plans.
- Drive consistency and quality in audit responses, reducing friction and repeat findings year over year.
Contract Reviews and Business Enablement:
- Lead the cybersecurity portion of contract reviews in support of all business units, evaluating customer, partner, and supplier cybersecurity requirements.
- Partner with Legal, Sales, Procurement, and Business Leaders to assess contractual risk, negotiate security terms, and ensure commitments align with the company’s cybersecurity capabilities and risk tolerance.
- Provide clear guidance on acceptable risk positions and required controls to enable informed business decisions without unnecessary delays.
- Facilitate Technical and Organizational Measures (TOMs) review requirements of GDPR during business vendor selection process by coordinating teams to complete the non-cyber portion of the reviews and providing a risk assessment for the cybersecurity component of TOMs.
- Provide the complete assessment report and final risk rating to the Business.
- Answer Customer’s request for information (RFIs) by completing the cybersecurity portions of RFIs and gathering responses for other IT portions of the RFIs.
Third-Party Risk Management (TPRM):
- Oversee the cybersecurity components of the Third-Party Risk Management program for business suppliers, including risk assessments and due diligence.
- Ensure third-party risks are identified, documented, and managed in alignment with enterprise risk management practices.
- Collaborate with Business stakeholders and Contracts team to integrate cybersecurity requirements throughout the supplier lifecycle.
- Collaborate with Procurement and Vendor Management teams to integrate cybersecurity requirements throughout the vendor lifecycle.
Cyber Policies, Standards, and Governance:
- Develop, maintain, and govern enterprise cybersecurity policies and standards.
- Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes while remaining practical and business-focused.
- Drive awareness and adoption of cybersecurity governance across IT and business stakeholders.
Training and Awareness:
- Lead the enterprise cybersecurity training and awareness program, ensuring content is role-appropriate, engaging, and aligned to real-world risks.
- Measure program effectiveness through metrics, trends, and behavioral indicators, continuously improving the program to address emerging threats and business needs.
- Promote a culture of shared responsibility for cybersecurity across the organization.
Risk Register Management:
- Own and manage the enterprise cybersecurity risk register, ensuring risks are clearly articulated, consistently assessed, and aligned to the company’s risk taxonomy.
- Facilitate risk identification, risk acceptance, and risk treatment decisions with business and technology leaders.
- Analyze risk trends and metrics to provide insights that help leadership prioritize investments and focus efforts on the most material risks.
- Support executive and board-level reporting by translating technical risk into business-relevant language.
Cybersecurity Incident Response:
- Facilitate communications between IT, Legal, Procurement, HR and business stakeholders during cybersecurity incident response.
- Provide customer notification requirements to the Security Operations team to maintain as part of Cyber Operations IR plans.
- Collaborate with Avnet Communications teams for external and internal cybersecurity communications.
- Collaborate with Legal and Contracts teams for interpretation of contractual, regulatory, and other legal compliance requirements during cybersecurity incidents.
Cybersecurity Certification Support:
- Consult BISOs and Business stakeholders on the certification process, controls, scope, stakeholder identification, preparation for gap assessments, selecting an assessor and business funding.
- Provide guidance to the teams to be assessed or audited.
- Collaborate with BISOs, third-party assessors and stakeholders to schedule gap assessment interviews, attend gap assessment and certification assessment sessions as a facilitator/subject matter expert (SME) on GIS related topics.
- Perform self-assessments of IT controls as part of approved project activities.
Team Management:
- Manages direct managers and/or highly skilled specialists in multiple global regions who exercise significant latitude and independence.
- Often oversees one or more departments or related teams.