IT & Security Governance Manager

Role Overview

The IT & Security Governance Manager is responsible for advancing enterprise-wide technology maturity across corporate IT, cloud and product environments, and operational systems. This role strengthens governance structures, data stewardship practices, security controls, and operational risk management to ensure that systems and data effectively support the organization's mission, strategic partnerships, and sustainable growth.

This position operationalizes compliance frameworks as structured tools to enhance efficiency, accountability, and resilience—leveraging them to improve processes, mitigate risk, and elevate overall technology governance rather than treating compliance as the sole objective.

• Maintain an organization-wide IT and security roadmap aligned to mission priorities and partner obligations
• Own and manage the organization’s technology risk register (security, data, vendor, and operational risks)
• Define and maintain IT and security policies (access control, logging, data handling, endpoint standards, secure development expectations)
• Establish system ownership documentation and accountability structures
• Provide leadership with clear, actionable reporting on technology health, risk posture, and audit readiness

• Define and implement data classification, access governance, and retention standards
• Map key data flows across internal systems, partner integrations, and cloud environments
• Ensure encryption, logging, and access controls align with data sensitivity and contractual requirements
• Partner with Engineering and program teams to embed secure, scalable system design patterns
• Maintain architecture documentation, data flow diagrams, and control mappings

• Strengthen identity and access management (SSO, MFA, least privilege, access reviews, joiner‑mover‑leaver processes)
• Oversee endpoint and device management fundamentals (MDM, encryption, patching, configuration baselines, EDR/AV)
• Improve SaaS governance and reduce shadow IT risk
• Establish and validate backup, recovery, and resilience expectations for critical systems
• Deliver practical security and data‑handling guidance across departments

• Support the implementation of a practical Secure SDLC in partnership with Engineering
• Own vulnerability management workflows (scanning, triage, prioritization, remediation tracking, verification)
• Maintain cloud security guardrails (IAM standards, key management, logging, monitoring, network controls)
• Participate in secure architecture and security reviews for major initiatives

• Maintain incident response readiness, runbooks, and severity definitions
• Lead tabletop exercises and track follow‑up actions to closure
• Support business continuity and disaster recovery validation
• Conduct vendor and partner security reviews and remediation follow‑ups
• Support audits, customer trust requests, and partner assurance needs
• Partner with Legal to operationalize data protection and security requirements
• Other duties as assigned

To perform the essential functions of this position successfully, an individual should demonstrate the following competencies with one or more of each:

• Strategic IT Governance & Risk Management – Ability to develop and maintain enterprise IT roadmaps, manage technology risk registers, and translate complex risk posture into clear, actionable reporting for leadership.
• Policy Development & Control Implementation – Experience designing, implementing, and operationalizing IT and security policies, standards, and accountability frameworks across access control, data handling, and system governance.
• Data Governance & Systems Oversight – Strong understanding of data classification, retention, encryption, access governance, and data flow mapping to ensure controls align with contractual and operational requirements.
• Identity, Access & Infrastructure Security Foundations – Proficiency in IAM best practices (SSO, MFA, least privilege, access reviews), endpoint management fundamentals,…