×
Register Here to Apply for Jobs or Post Jobs. X

Senior Manager GRC

Job in Louisville, Jefferson County, Kentucky, 40201, USA
Listing for: Papa John's International , Inc.
Full Time position
Listed on 2026-05-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly USD 100000.00 130000.00 YEAR
Job Description & How to Apply Below

Position Overview

Papa Johns is seeking a Senior Manager, Governance, Risk & Compliance to establish and operate the cybersecurity governance and risk control plane across the enterprise. This role is responsible for enabling risk-informed decision making, clear accountability, and consistent control governance across business, IT, cloud, and third-party environments. The ideal candidate will bring strong judgment, the ability to operate across organizational boundaries, and experience building and scaling GRC capabilities in complex environments.

Responsibilities

The primary responsibilities of this role include:

  • Establishing and operating the enterprise cybersecurity risk management program, including risk identification, prioritization, and tracking
  • Defining and enforcing risk acceptance, escalation, and accountability frameworks
  • Developing executive and board-level risk reporting aligned to business impact
  • Defining and governing cybersecurity policies, standards, and control frameworks aligned to industry standard frameworks
  • Ensuring consistent control implementation and enforcement across IT, cloud, and business environments
  • Leading exception management processes to ensure risk is explicitly understood and accepted at the right levels
  • Establishing and leading the third-party risk management program, including vendor tiering and assessments
  • Coordinating regulatory and audit engagements (internal and external)
  • Partnering across Security, IT, Legal, Compliance, and Procurement (among others as relevant) to align risk and control expectations
  • Establishing and governing the cybersecurity awareness and training program, ensuring it is aligned to enterprise risk and tailored user roles
  • Overseeing control validation, testing, and assurance activities
  • Ensuring governance of vulnerability management, logging, and detection capabilities
  • Driving continuous improvement through risk insights, incident learnings, and control effectiveness reviews
  • Managing and optimizing budget and resources to support governance, risk, and compliance capabilities
Qualifications

The successful candidate will possess the following:

  • 6–10+ years of experience in cybersecurity risk management
  • Proven leadership experience in building, scaling, and maturing teams and operating models
  • Strong understanding of cybersecurity control frameworks
  • Demonstrated ability to translate technical risk into business impact and action
  • Experience building or maturing GRC programs in complex organizations
  • Strong judgment in prioritization, tradeoff decisions, and stakeholder alignment
  • Experience supporting or leading SOX ITGC and/or application control environments in a complex organization
  • Experience establishing or evolving security awareness and behavior change programs
  • Excellent communication skills and ability to influence across technical and business stakeholders
  • Experience working with third-party risk, audit, and compliance functions
Day in the Life

This role is less about managing a checklist and more about orchestrating how the organization understands and acts on risk.

A typical day may include:

  • Reviewing the enterprise risk register, identifying where risks are aging, stuck, or no longer aligned to business priorities
  • Coaching and developing team members and leaders, ensuring clarity in priorities, accountability, and execution
  • Meeting with Security and IT leaders to challenge and refine risk prioritization, ensuring the highest-impact issues are being addressed first
  • Partnering with a business or product team to translate a technical control gap into business impact, helping them understand tradeoffs and required actions
  • Working through a risk acceptance decision, ensuring the right level of leadership is engaged and the decision is documented and understood

    Aligning with Procurement and Legal on a high-risk third-party engagement, ensuring appropriate controls and risk mitigation strategies are in place
  • Coordinating with vulnerability management, detection, or testing teams to ensure findings are being tracked, prioritized, and driven to resolution
  • Preparing or refining executive-level reporting, focusing on what has improved, what remains at risk, and where…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary