Information Technology Governance, Risk and Compliance Manager

Summary

We’re seeking a forward-thinking Manager, GRC, Awareness & Application Security to lead a unified security function that blends governance, risk management, and application security with a strong culture of awareness across the enterprise. This role is ideal for a hands-on leader who can bridge strategy, technology, and communication—embedding security into how we work, build, and innovate.

Key Responsibilities

• Lead the North America GRC program, ensuring alignment with global frameworks and enterprise risk strategy.
• Develop and maintain security policies, standards, and workflows integrated into enterprise GRC tools and operations.
• Design and execute a data-driven security awareness program tailored to diverse user groups.
• Partner with development teams to embed secure-by-design and DevSecOps practices across the SDLC.
• Oversee third-party risk management, including assessments and remediation tracking.
• Drive application security maturity through tools like SAST, DAST, and SCA.
• Deliver insightful risk and performance reporting to leadership using dashboards and KRIs.
• Support audit, compliance, and regulatory readiness (GxP, HIPAA, data protection).
• Collaborate globally to align governance, risk, and security programs across regions.

Qualifications

• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• Certifications: CISSP, CRISC required; CISM, CSSLP, or other AppSec/GRC preferred.
• 7 years in cybersecurity with hands-on experience in GRC, security awareness, and application security.
• Experience in regulated industries (pharma, biotech, healthcare, or manufacturing).
• Strong grasp of secure SDLC, DevSecOps, and third-party risk management.
• Familiarity with NIST CSF, ISO 27001, HIPAA, GxP, and cloud security fundamentals (AWS, Azure, GCP).