Information Security GRC Manager

Position:
Information Security GRC Manager

Location:

Dallas, TX or Akron, OH (Hybrid) – Open to remote.

We are seeking an experienced Information Security GRC Manager to lead our governance, risk, and compliance (GRC) program. This role is critical in ensuring our information security practices align with regulatory requirements, industry standards, and business objectives. As a key member of the security leadership team, you will drive enterprise risk management, oversee compliance initiatives, and provide clear, actionable insights on our security posture to senior leadership.

• Lead Governance & Security Programs
  • Develop and maintain the enterprise information security governance framework
  • Establish and lead cross-functional governance forums (e.g., compliance working groups, risk committees)
  • Oversee security policies, standards, procedures, and risk methodologies
• Drive Risk Management
  • Lead enterprise-wide risk assessments, including identification, analysis, and mitigation of security risks
  • Define, track, and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
  • Partner with stakeholders to support risk-based decision‑making
• Own Compliance & Certifications
  • Plan and execute compliance and readiness assessments (e.g., PCI‑DSS, NIST CSF, ISO 27001)
  • Serve as the primary liaison for external auditors and assessors
  • Ensure ongoing adherence to regulatory and contractual requirements
• Manage Audit & Assurance Activities
  • Coordinate internal and external audits, including SOX‑related controls where applicable
  • Oversee remediation tracking and ensure timely resolution of findings
  • Continuously improve control effectiveness and assurance processes
• Partner Across the Business
  • Collaborate with IT, Legal, Privacy, and business teams to embed security into operations
  • Translate complex security and compliance requirements into business‑friendly language
  • Provide regular reporting on risk posture and compliance to senior leadership
• Promote Security Awareness
  • Develop and deliver training and awareness programs related to risk and compliance
  • Foster a culture of security and accountability across the organization

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Business, or related field (Master’s preferred)
• 10+ years of experience in information security, IT risk, or compliance
• 2–3+ years of hands‑on experience in a GRC‑focused role
• Strong knowledge of frameworks and standards (e.g., NIST, ISO 27001, COBIT)
• Experience managing audits and working with external regulators or assessors
• Excellent communication skills, with the ability to engage both technical and business stakeholders
• Strong project management skills and ability to manage multiple initiatives simultaneously

• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA)
• Experience with SOX ITGC controls and audit coordination
• Familiarity with third‑party/vendor risk management programs
• Experience with GRC tools (e.g., Optro (Audit Board), Service Now GRC, One Trust)

• Competitive healthcare, dental & vision insurance
• 401(k) matching after one year of employment
• Generous time off + company holidays
• Merchandise discount
• Learning & Development programs
• Much more!