Manager, Cybersecurity GRC Manager

The Manager, Cybersecurity Governance and Risk is responsible for leading Cyber and Tech Risk Management efforts to enhance transparency around risk impacts to the organization. This role manages the cybersecurity risk register, issues log, and facilitates the Risk Operating Committee. The Manager also supports the Governance and Risk team in identifying and implementing industry standards (e.g., NIST, ISO, COBIT) to meet regulatory and client requirements.

This position contributes to the advancement of ITRM oversight, reporting, governance, communications, and education initiatives from an Information Security perspective. The Manager is instrumental in developing methodologies, policies, processes, and tools that support InfoSec and Governance and Risk objectives. This position is remote but candidates MUST live in either: NYC, Chicago, Washington DC or Atlanta.

Key Responsibilities:

• Strategic Planning and Reporting:
• Assist in creating, implementing, and managing the governance and risk strategic plan and roadmap.
• Enhance reporting structures and schedules for InfoSec stakeholders.
• Governance and Risk Development:
• Collaborate with Controls and TPRM Managers to evolve and maintain InfoSec governance and risk procedures, ensuring alignment with organizational and client requirements.
• Contribute expertise in identifying, prioritizing, and managing risk across InfoSec policy domains.
• Drive adoption of IT Risk policies, standards, and guidelines across the enterprise.
• Risk and Issue Management:
• Oversee the cybersecurity risk and issue registers, including remediation tracking.
• Support ROC meetings by managing agendas, data collection, and reporting.
• Map risks to policy domains and controls to highlight areas requiring remediation and prioritization.
• Governance and Process Improvement:
• Partner with the Controls Manager to identify and document deficiencies in governance, processes, and risk management.
• Propose and enforce remediation strategies while managing cross-functional POAM initiatives.
• Assessment Support:
• Assist with third-party and client InfoSec assessments, ensuring high-quality deliverables and control narrative updates.
• Provide reporting insights to InfoSec leadership and stakeholders.
• Risk Methodologies and Assessments:
• Develop and refine risk methodologies.
• Conduct and support risk assessments to identify risks, recommend control enhancements, and suggest risk mitigation strategies.
• Metrics and Measurements:
• Define and maintain InfoSec governance and risk metrics to track performance and improvements.

Qualifications:

• Education:
• Bachelor’s degree in Information Security, Information Assurance, Computer Science, Information Systems, or a related field (two additional years of experience may substitute for two years of college credits).
• Experience:
• Minimum of 7 years of combined experience in information technology, information security, and risk management.
• Background in consulting or legal experience preferred.
• Certifications (Preferred):
• CISA, CISM, GSEC, CISSP, CRISC, or other security-related certifications.
• Technical Skills and Knowledge:
• Advanced understanding of risk management frameworks, methodologies, and information security standards (e.g., NIST, ISO, COSO).
• Familiarity with operational risk from a technology perspective.
• Expertise in governance, risk, and compliance practices and technologies.
• Experience with third-party assessments, including SOC2 Type 2, SIG, and penetration testing reports.
• Technical knowledge of security applications, platforms, and architectures.
• Proficiency in MS Outlook, Word, Excel, Visio, and PowerPoint.
• Soft Skills:
• Strong project management and problem-solving abilities.
• Inquisitive mindset with a willingness to challenge existing practices.
• Proven ability to build and maintain effective relationships across departments.