Cybersecurity Manager - GRC

Job Summary

Leading a team of GRC Analysts and Program Managers, the full-time salaried Cybersecurity Manager - GRC will oversee third-party risk management and compliance programs across multiple frameworks while partnering with various departments to ensure seamless operations and compliance integration.

Key responsibilities

• Manage and develop a team of GRC members, setting quarterly OKRs and providing coaching on technical depth and audit discipline
• Own the third-party risk management workflow, including vendor intake, risk tiering, and ongoing monitoring across a multi-brand vendor footprint
• Lead compliance programs across SOC 1 Type II, ISO 27001, HITRUST, NIST CSF/800-53, and IT SOX, coordinating external audits and evidence collection

Required qualifications

• 7+ years of progressive Information Security GRC, Compliance, or Audit experience, including 2 years of direct people management
• Hands-on program ownership across multiple compliance frameworks, with required experience in SOC 1 Type II and familiarity with ISO 27001, HITRUST, NIST CSF/800-53, or IT SOX
• Demonstrated experience managing a third-party risk management workflow at scale, including vendor diligence and ongoing monitoring
• Hands-on experience with compliance automation platforms and a clear strategy for scaling tooling with program growth
• Direct experience managing external auditors and assessors, with the ability to challenge scope and interpretation effectively