Jobs · Sales · Pennsylvania

Sr Manager, InfoSec Governance Risk and Compliance (GRC)

Ivalua · Pittsburgh, PA · 2 wk ago
HybridSalesFull-time

About the role

The Sr Manager, InfoSec Governance Risk and Compliance (GRC) will lead and own the GRC program globally, manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

Responsibilities

  • Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
  • Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
  • Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
  • Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
  • Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
  • Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
  • Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
  • Lead the Security Awareness and Training program to promote a culture of security across the organization.
  • Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
  • Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
  • Develop, maintain, and enforce InfoSec policies, standards, and plans.

Qualifications

  • At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
  • At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team.
  • Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
  • Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
  • Excellent project management, analytical, and problem-solving skills with keen attention to detail.
  • Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
  • Self-motivated with a high degree of initiative and ability to work independently.
  • Ability to handle multiple competing priorities and deadlines efficiently.
  • Bachelor’s degree in related field preferred or equivalent experience with proven skills.

Soft Skills

  • Excellent interpersonal, communication, and organizational skills.
  • Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
  • High degree of initiative, dependable, and able to work well with limited supervision.

Pay

USD 112000 - USD 208000

Schedule

Hybrid working model (3 days in the office per week)

Similar jobs