Solomon Page
Technical Governance & Compliance Manager
Our client is seeking a highly skilled and forward-thinking Technical Governance, Risk, and Compliance (GRC) Manager to drive the maturity of an enterprise GRC program within a publicly traded, technology-driven organization. This position is ideal for a proven GRC leader with a deep understanding of information security frameworks, cloud compliance, automation-driven GRC tooling, and regulatory alignment for public companies.
Base Pay Range $120,000.00/yr - $140,000.00/yr
The ideal candidate will bring a technical-first mindset, a strong grasp of emerging threats, and practical experience aligning security risk and controls with business outcomes in complex environments. You will work cross-functionally with InfoSec, Engineering, Legal, and Internal Audit teams to establish scalable governance processes, reduce enterprise risk, and ensure compliance across the digital and physical estate.
Essential Functions and Primary Duties
Strategize and Lead:
Maintain enterprise GRC strategy aligned with public company compliance requirements including SOX, SEC cybersecurity rule, SOC 2, NIST CSF, and other regulatory obligations (e.g., HIPAA, PCI DSS, depending on vertical).
Drive Technical Risk Management:
Identify, assess, and track cyber and IT risks across infrastructure, applications, and cloud environments (AWS, Azure, GCP). Maintain a living risk register and coordinate mitigation strategies with Engineering and Cloud Security teams.
Implement and Scale GRC Tooling:
Deploy and optimize modern GRC platforms for automation, dashboards, control testing, evidence collection, and reporting.
Security Policy Governance:
Author and maintain high-quality security policies, standards, and procedures mapped to control frameworks. Ensure policies are regularly reviewed and implemented effectively.
Third-Party Risk Oversight:
Lead a third-party risk management program, including onboarding security reviews, periodic assessments, and ongoing monitoring.
Metrics and Reporting:
Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) with clear, actionable reporting on GRC posture and control effectiveness.
Audit & Regulatory Engagement:
Partner with Internal Audit and Legal to support annual audits, security attestations (SOC 2 Type II), and new regulatory requirements.
Security Awareness & Culture:
Manage security awareness programs and phishing simulations to increase employee vigilance and reduce human risk factors.
IAM & Data Governance:
Support governance of Identity & Access Management (IAM) processes, data classification models, and Data Loss Prevention (DLP) controls, ensuring alignment with zero trust principles.
Lead Security Committees:
Facilitate security steering committee meetings to align risk decisions with organizational goals, track remediation, and drive ownership across departments.
Emerging Trends:
Monitor evolving regulatory landscapes, GRC technology trends (e.g., AI-powered compliance), and threat intelligence to continuously enhance the GRC program.
Preferred Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Risk Management, or 10 years professional experience in GRC or Information Security Management in a highly regulated enterprise.
At least one active certification: CISSP, CISA, CRISC, CISM, CIPT, CIPP/US, or ISO 27001 Lead Implementer.
Demonstrated ability to lead cross-functional teams and influence stakeholders at all levels, including executives.
Strong people management skills, with experience mentoring team members and fostering a collaborative, high-accountability culture.
Experience with multiple frameworks and standards: SOC 2, NIST CSF, SOX, PCI, HIPAA.
Demonstrated success leading third-party risk assessments, policy governance, and enterprise risk management programs in hybrid and cloud-native environments.
Ability to communicate technical risk to both technical and executive audiences.
Strong understanding of IAM, DLP, vulnerability management, and cloud security practices.
Passion for staying current with cybersecurity regulations, threat landscapes, and GRC best practices.
Minimum Qualifications
College degree or equivalent.
8+ years of related experience.
Strong technical knowledge and project management skills.
Knowledge of industry regulations.
Ability to lead and coordinate team activities.
Ability to formulate, document, and recommend new policies and procedures.
Proven team management experience.
Seniority Level: Mid-Senior level
Employment Type: Full-time
Job Function: Information Technology
Industries: Software Development