GRC & Incident Manager
Listed on 2026-06-03
-
IT/Tech
Cybersecurity, Information Security
Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law. If you need assistance or accommodation due to a disability, you may contact us at Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms.
To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation. And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.
Day in the Life
The GRC & Incident Manager is responsible for leading and maturing the organization’s governance, risk, compliance, and data privacy programs across IT systems, cloud environments, and third-party vendors. This role partners with Security, Engineering, and Compliance to ensure regulatory requirements and privacy obligations are translated into practical controls that protect sensitive data while supporting business operations. In addition to incident command duties, this role leads the organization’s GRC program, including SOC 2 compliance, GLBA Safeguards Rule obligations, ISO/IEC 27001 alignment, and third-party risk management.
Data privacy responsibilities are performed in a supporting capacity, ensuring privacy obligations are integrated into incident response, compliance documentation, and vendor oversight. This role operates at the intersection of security operations, IT, compliance, and executive leadership—translating chaos into structured response and measurable improvement, and ensuring the organization’s controls, frameworks, and risk posture remain audit-ready at all times.
- Serve as Incident Commander during security incidents, exercising full command and control over response operations.
- Collaborate with stakeholders to develop, execute, and maintain Incident Action Plans (IAPs) to drive structured, measurable response.
- Make high-impact decisions under pressure, balancing safety, regulatory risk, and business continuity.
- Coordinate internal response teams including Security Operations, Engineering, IT, Legal, Compliance, Communications, and Executive Leadership.
- Participate in post-incident reviews and drive corrective actions to close gaps and reduce recurrence.
- Manage physical security incidents including unauthorized access, safety threats, and facility disruptions.
- Coordinate with Facilities, HR, Legal, and local authorities as needed during physical security events.
- Ensure physical security controls align with cybersecurity, business continuity, and compliance programs.
- Act as the central coordination point between technical response teams and non-technical stakeholders during incidents.
- Coordinate with external parties including law enforcement, emergency services, regulators, and vendors when required.
- Collaborate with stakeholders to improve incident response playbooks, escalation models, and readiness posture.
- Participate in tabletop exercises and incident simulations to validate response capability and team readiness.
- Maintain and operate the organization’s SOC 2 compliance program (Type I and Type II), including control ownership, evidence collection, auditor coordination, and remediation tracking.
- Support alignment with ISO/IEC 27001, including risk assessments, Statement of Applicability support, and control mapping.
- Manage compliance obligations under GLBA, including Safeguards Rule requirements, vendor oversight, and risk documentation.
- Conduct periodic risk assessments…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).