Sr Manager, InfoSec Governance Risk and Compliance (GRC)
Ivalua · Pittsburgh, PA · 2 wk ago
HybridSalesFull-time
About the role
The Sr Manager, InfoSec Governance Risk and Compliance (GRC) will lead and own the GRC program globally, manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.
Responsibilities
- Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
- Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
- Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
- Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
- Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
- Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
- Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
- Lead the Security Awareness and Training program to promote a culture of security across the organization.
- Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
- Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
- Develop, maintain, and enforce InfoSec policies, standards, and plans.
Qualifications
- At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
- At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team.
- Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
- Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
- Excellent project management, analytical, and problem-solving skills with keen attention to detail.
- Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
- Self-motivated with a high degree of initiative and ability to work independently.
- Ability to handle multiple competing priorities and deadlines efficiently.
- Bachelor’s degree in related field preferred or equivalent experience with proven skills.
Soft Skills
- Excellent interpersonal, communication, and organizational skills.
- Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
- High degree of initiative, dependable, and able to work well with limited supervision.
Pay
USD 112000 - USD 208000
Schedule
Hybrid working model (3 days in the office per week)