Information Security GRC Manager
Hybrid · Dallas, Texas, United States or Akron, Ohio, United States
Job Summary
- Lead Governance & Security Programs: develop and maintain the enterprise information security governance framework and cross-functional governance forums; oversee security policies, standards, procedures, and risk methodologies.
- Drive Risk Management: run enterprise risk assessments, maintain KRIs and KPIs, and define reporting.
- Own Compliance & Certifications: plan and execute assessments (e.g., PCI-DSS, NIST CSF, ISO 27001) and coordinate with external auditors.
- Manage Audit & Assurance: oversee audit activities, remediation tracking, and SOX-related controls where applicable.
- Partner Across the Business: embed security into operations and provide regular risk/compliance reporting to senior leadership.
- Promote Security Awareness: deliver training and awareness programs.

Qualifications include a Bachelor’s degree and 10+ years in information security/IT risk/compliance, 2–3+ years in a GRC-focused role, familiarity with NIST/ISO 27001/COBIT, and strong communication and project management skills; certifications such as CISSP/CISM/CRISC/CISA are a plus.
Required Qualifications
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Business, or related field
- 10+ years of experience in information security, IT risk, or compliance
- 2–3+ years of hands-on experience in a GRC-focused role
- Strong knowledge of frameworks and standards (e.g., NIST, ISO 27001, COBIT)
- Experience managing audits and working with external regulators or assessors
- Excellent communication skills, with the ability to engage both technical and business stakeholders
- Strong project management skills and ability to manage multiple initiatives simultaneously