Jobs · Management · Arizona

Sr. Manager, GRC

Avnet · Chandler, AZ · 2 mo ago
ManagementFull-time

Cybersecurity Senior Manager

The Cybersecurity Senior Manager plays a critical leadership role within the enterprise cybersecurity organization, overseeing governance, risk, and compliance (GRC) functions across a complex, global environment. This role is accountable for ensuring cybersecurity risks are identified, assessed, managed, and reported in alignment with business objectives, regulatory requirements, and the organization’s risk appetite.

  • Design, implement, and maintain continuous control monitoring processes to validate the effectiveness of cybersecurity and IT controls on an ongoing basis.
  • Translate regulatory and compliance requirements into practical, scalable control expectations aligned to enterprise architecture and operational realities.
  • Proactively identify compliance gaps, assess risk, and drive remediation plans in partnership with control owners.
  • Periodically assess against NIST CSF and other cybersecurity frameworks.

Audit Liaison Management:

  • Own and manage the Audit Liaison function for cybersecurity and IT risk, serving as the primary interface between the company and external auditors, assessors, and regulators.
  • Support control owners by raising awareness of compliance requirements, assisting with controls design, and serving as primary interface between Global Audit and audited IT teams.
  • Support Global Audit and external auditors in audit planning, evidence collection, walkthroughs, and issue response across global teams.
  • Ensure audit findings are clearly understood, risk-ranked, and translated into actionable remediation plans with accountable owners and timelines.
  • Track and report status of remediation action plans.
  • Drive consistency and quality in audit responses, reducing friction and repeat findings year over year.

Contract Reviews and Business Enablement:

  • Lead the cybersecurity portion of contract reviews in support of all business units, evaluating customer, partner, and supplier cybersecurity requirements.
  • Partner with Legal, Sales, Procurement, and Business Leaders to assess contractual risk, negotiate security terms, and ensure commitments align with the company’s cybersecurity capabilities and risk tolerance.
  • Provide clear guidance on acceptable risk positions and required controls to enable informed business decisions without unnecessary delays.
  • Facilitate Technical and Organizational Measures (TOMs) review requirements of GDPR during business vendor selection process by coordinating teams to complete the non-cyber portion of the reviews and providing a risk assessment for the cybersecurity component of TOMs.
  • Provide the complete assessment report and final risk rating to the Business.
  • Answer Customer’s request for information (RFIs) by completing the cybersecurity portions of RFIs and gathering responses for other IT portions of the RFIs.

Third-Party Risk Management (TPRM):

  • Oversee the cybersecurity components of the Third-Party Risk Management program for business suppliers, including risk assessments and due diligence.
  • Ensure third-party risks are identified, documented, and managed in alignment with enterprise risk management practices.
  • Collaborate with Business stakeholders and Contracts team to integrate cybersecurity requirements throughout the supplier lifecycle.
  • Collaborate with Procurement and Vendor Management teams to integrate cybersecurity requirements throughout the vendor lifecycle.

Cyber Policies, Standards, and Governance:

  • Develop, maintain, and govern enterprise cybersecurity policies and standards.
  • Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes while remaining practical and business-focused.
  • Drive awareness and adoption of cybersecurity governance across IT and business stakeholders.

Training and Awareness:

  • Lead the enterprise cybersecurity training and awareness program, ensuring content is role-appropriate, engaging, and aligned to real-world risks.
  • Measure program effectiveness through metrics, trends, and behavioral indicators, continuously improving the program to address emerging threats and business needs.
  • Promote a culture of shared responsibility for cybersecurity across the organization.

Risk Register Management:

  • Own and manage the enterprise cybersecurity risk register, ensuring risks are clearly articulated, consistently assessed, and aligned to the company’s risk taxonomy.
  • Facilitate risk identification, risk acceptance, and risk treatment decisions with business and technology leaders.
  • Analyze risk trends and metrics to provide insights that help leadership prioritize investments and focus efforts on the most material risks.
  • Support executive and board-level reporting by translating technical risk into business-relevant language.

Cybersecurity Incident Response:

  • Facilitate communications between IT, Legal, Procurement, HR and business stakeholders during cybersecurity incident response.
  • Provide customer notification requirements to the Security Operations team to maintain as part of Cyber Operations IR plans.
  • Collaborate with Avnet Communications teams for external and internal cybersecurity communications.
  • Collaborate with Legal and Contracts teams for interpretation of contractual, regulatory, and other legal compliance requirements during cybersecurity incidents.

Cybersecurity Certification Support:

  • Consult BISOs and Business stakeholders on the certification process, controls, scope, stakeholder identification, preparation for gap assessments, selecting an assessor and business funding.
  • Provide guidance to the teams to be assessed or audited.
  • Collaborate with BISOs, third-party assessors and stakeholders to schedule gap assessment interviews, attend gap assessment and certification assessment sessions as a facilitator/subject matter expert (SME) on GIS related topics.
  • Perform self-assessments of IT controls as part of approved project activities.

Team Management:

  • Manages direct managers and/or highly skilled specialists in multiple global regions who exercise significant latitude and independence.
  • Often oversees one or more departments or related teams.

Similar jobs

Sr. Manager GRC

Bloom EnergySan Jose, CA· Yesterday
OTHR$179k–$257k/yrapply on bloomenergy.wd1.myworkdayjobs.com

GRC Manager

CloudZeroBoston, MA· 2 mo ago
Management$56/hrapply on jobs.ashbyhq.com

Sr. Manager, Operations

Performance TeamHopedale, MA· 3 wk ago
Manufacturing$110k–$120k/yrapply on maersk.wd3.myworkdayjobs-impl.com