Cybersecurity GRC Manager

About The Role

The Cybersecurity GRC Manager is accountable for maturing and scaling engineering-driven governance, risk, and compliance programs that support the security, privacy, and regulatory-compliant posture of the organization. The ideal candidate will bring a unique blend of deep technical security acumen and GRC expertise, enabling the creation of GRC workflows that are measurable, automated, and resilient. This is a strategic, cross-functional, and customer-facing role reporting to the Director of Governance, Risk, & Compliance.

A successful candidate will have a comprehensive understanding of cybersecurity and privacy industry frameworks (e.g., NIST, ISO, SOC 2, CCPA, GDPR, HIPAA). They will be responsible for transforming governance, risk, and compliance practices into proactive, testable capabilities using automation, continuous auditing, and AI-driven solutions.

Proficiency with AI tools (LLMs, prompt engineering, generative‑AI workflows) is a core requirement – you’ll use AI to streamline GRC workflow creation and implementation, evidence generation, and security risk mitigation. Experience with designing and implementing autonomous “agentic AI” solutions is preferred.

Responsibilities

• Drive a compliance operating model that includes automated control testing, self-service reporting, and AI-enhanced risk analysis. Implement continuous control monitoring and evidence collection pipelines integrated into cloud-native and on-prem environments.
• Partner with engineering and product teams to define and codify security and compliance requirements as part of the SDLC. Introduce automated security/compliance tests into CI/CD pipelines to support shift-left practices.
• Use generative AI for compliance gap detection, policy mapping, risk triaging, and customer assurance functions.
• Oversee security and privacy assurance activities and assessments, internal/external audits, and attestation/certification initiatives (e.g., SOC 2, ISO 27001). Lead internal readiness for third-party audits and external assessments and maintain ongoing compliance posture.
• Utilize automation and GRC platforms to optimize gathering and maintenance of audit readiness documentation and audit evidence.
• Utilize AI-driven solutions to manage the organization’s responses to customers’ and partners’ cybersecurity requests (e.g. information security questionnaires).
• Enhance and execute third-party security risk management practices, including inherent / residual security risk assessment, vendor / supplier security due diligence reviews, vendor / supplier inventory management, ongoing security monitoring, and risk reporting.
• Build and maintain enterprise-level risk registers; facilitate and monitor security risk acceptance processes; design and maintain security risk measurement and monitoring including risk reporting.
• Grow and expand cybersecurity guidance through development and maintenance of cybersecurity policies, standards, and procedures.
• Manage security awareness programs through administration of regular security trainings, phishing simulations, and corporate communications.

Skills And Qualifications

Required Experience

• Bachelor’s degree in computer science, Cybersecurity, or related engineering field; advanced degree preferred.
• Minimum 5 years of progressive experience in cybersecurity, security engineering, and/or risk management.
• Proven success managing compliance programs in cloud-native, SaaS/PaaS environments with high automation maturity.
• Demonstrated ability to manage customer-facing compliance engagements and audit preparation.

Technical and Domain Expertise

• Deep knowledge of, and experience working with, industry frameworks (NIST SP800-53, ISO 27001, SOC 2, CCPA, GDPR, HIPAA).
• Strong familiarity with AI/ML usage in security programs and risk analysis.
• Experience implementing and administering GRC tools/platforms.
• Proficiency in cloud security, AI security, secure development / DevSecOps practices, and infrastructure-as-code (IaC) security tooling.
• Experience implementing automated compliance and control validation pipelines.

Soft Skills

• Excellent communication, stakeholder management, and executive reporting skills.
• Ability to influence cross-functional teams and operate in fast-paced, high-growth environments.
• Strong analytical, critical thinking, and decision-making capabilities.