GRC Senior Manager

Employment Type: Full-time

Position Overview

The GRC Senior Manager is responsible for maintaining and evolving the organization's cybersecurity governance, risk, and compliance (GRC) strategies. This role involves managing staff, overseeing the development and execution of the cybersecurity risk management framework, information security policies, data security and privacy programs, IT audits, and regulatory inquiries. A key responsibility is directing the Third-Party Risk Management program. The GRC Senior Manager ensures compliance with relevant regulations, policies, standards, and controls to protect the organization's information assets, considering the current and future business environment. This position requires an enterprise-level perspective and the ability to build collaborative relationships with cross-functional teams to implement necessary controls. Managing and developing staff, along with unit budget oversight, are critical components to achieving strategic department and team goals.

Primary Job Responsibilities

• Maintains the organization's effectiveness and efficiency by supporting strategic plans for the cybersecurity program, with accountability for the governance, risk, and compliance function.
• Achieves financial objectives by forecasting requirements, preparing an annual budget, scheduling expenditures, analyzing variances, and initiating corrective actions within the functional unit.
• Collaborates with senior leadership to develop team goals and align them with department objectives.
• Recruits, selects, coaches, and develops team leaders and analysts within the department, managing professional growth and development plans.
• Translates and champions cybersecurity strategy to the functional unit.
• Conducts performance and professional development reviews per HR guidelines, taking corrective actions including Performance Improvement Plans or terminations when necessary.
• Defines, implements, and oversees Information Security policies and the effective implementation of controls, standards, guidelines, and procedures across the Company to ensure the protection of information assets.
• Builds effective partnerships and strong collaborations with business and IT leaders to ensure robust information security practices and compliance within the Company's risk appetite.
• Performs other duties as assigned.

Career Level (M4)

Organizational Impact

• Establishes key elements of tactical and operational plans with direct impact on the achievement of area results.
• Focuses on short- to mid-term operational plans (e.g., 1-2 years).
• Develops new products, processes, standards, or operational plans in support of the area.
• May have budget accountability for the area or manage elements of the budget.

Leadership & Talent Management

• Manages a large team typically comprised of managers and/or supervisors and experienced professionals.
• Typically has hiring, firing, promotion, and reward authority within own area, in accordance with manager review and approval.

Knowledge & Experience

• Requires broad management and leadership knowledge to lead project or program teams in one department/area.
• Typically possesses advanced knowledge and skills within a specific technical or professional discipline with a broad understanding of other areas within the department.
• Typically requires a university degree or equivalent experience and a minimum of 6-8 years of prior relevant experience.

Required Skills

• Expert knowledge and experience with cybersecurity control frameworks (NIST CSF or ISO 27001 required).
• Proven experience designing and implementing cybersecurity policies, controls, standards, and guidelines.
• Expert knowledge and experience with PCI-DSS, SOX, and financial services regulations.
• Proven experience partnering with external auditors in a publicly traded company.
• Working knowledge of data governance, privacy.

Salary

• Information not provided.

Location Type

• Information not provided.