Sr. IT Security Manager

Sr. IT Security Manager
Salt Lake City, Utah
Direct Placement
$135K to $165K annual salary DOE + bonus

The Sr. Manager, IT Security – GRC is responsible for leading and maturing enterprise cybersecurity governance, risk management, and compliance programs. This role ensures cybersecurity risks are identified, assessed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements. The position partners closely with technical and business leaders to support secure, compliant, and risk-aware operations across the organization.

• Lead and mature enterprise cybersecurity governance, risk, and compliance (GRC) programs
• Develop and maintain security policies, standards, procedures, and governance metrics
• Align cybersecurity frameworks with standards such as NIST CSF, ISO 27001, CIS, and SOC 2
• Conduct cybersecurity risk assessments, gap analyses, and third-party risk reviews
• Manage enterprise cyber risk registers, remediation tracking, and exception processes
• Translate technical security risks into business-focused recommendations and reporting
• Oversee compliance initiatives related to SOC 2, SOX, HIPAA, PCI, privacy, and other frameworks
• Coordinate internal and external audits, evidence collection, and remediation activities
• Develop dashboards and executive-level reporting on cybersecurity risk posture and compliance status
• Partner with Security Operations, Infrastructure, Legal, Audit, and Procurement teams
• Lead, mentor, and develop GRC team members and contributors
• Promote risk-aware decision-making and cybersecurity accountability across the organization

• Bachelor's degree in Information Security, Information Technology, Risk Management, or related field
• 7+ years of experience in cybersecurity, risk management, compliance, or audit roles
• 3+ years of experience in a GRC leadership or senior-level role
• Strong knowledge of cybersecurity frameworks including NIST CSF, ISO 27001, SOC 2, and risk assessment methodologies
• Experience managing audits, compliance programs, and enterprise risk registers end-to-end
• Strong written and verbal communication skills with the ability to influence leadership
• Ability to balance security requirements with business and operational objectives
• Experience presenting risk findings and recommendations to senior leadership

• Experience with GRC platforms such as Service Now GRC, Archer, Drata, Vanta, or One Trust
• Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer

We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.