Senior Manager, Cybersecurity Governance, Risk, and Compliance
Stamford, Fairfield County, Connecticut, 06925, USA
Listed on 2026-05-30
IT/Tech
Cybersecurity, IT Project Manager, Information Security
Job Overview
An organization seeking to strengthen and mature its cybersecurity governance program is hiring a Senior Manager of Cybersecurity GRC. This leadership role is responsible for driving enterprise-wide governance, risk management, compliance, and data privacy initiatives while partnering with executive stakeholders to align security strategy with business objectives. Candidates with strong leadership experience, deep regulatory expertise, and a proven ability to operationalize cybersecurity programs will be prioritized for interviews.
Must Haves
- 10+ years of cybersecurity experience, including at least 5 years leading GRC functions
- Strong expertise with cybersecurity governance frameworks such as NIST and ISO 27001
- Experience managing enterprise risk programs, cyber risk registers, and executive reporting
- Hands‑on knowledge of GDPR, PCI DSS, SOX, DFARS/CMMC, and data privacy regulations
- Experience overseeing vendor and third‑party security risk management programs
- Proven ability to lead incident response governance and regulatory response activities
- Relevant certifications required, including CRISC, CGEIT, CISM, or CISA; CISSP preferred
- Strong communication skills with experience presenting to executive leadership and senior stakeholders
The organization is looking for a cybersecurity leader who can strengthen governance practices while enabling business growth and operational resilience. This role will oversee enterprise‑wide GRC initiatives, manage strategic cybersecurity investments, and ensure compliance with evolving global regulations. You will partner closely with legal, procurement, technology, and executive teams to balance risk management with operational efficiency.
Key Responsibilities
- Lead the development, maintenance, and enforcement of cybersecurity policies, standards, and governance frameworks
- Translate regulatory and compliance requirements into practical operational controls and procedures
- Build and manage a multi‑year cybersecurity roadmap aligned to organizational priorities
- Oversee cybersecurity budgeting, including strategic investments across tools, personnel, and third‑party services
- Manage enterprise compliance efforts related to global privacy and security regulations
- Develop and maintain cyber risk reporting metrics, KRIs, KPIs, and executive dashboards
- Establish and oversee enterprise third‑party risk management processes, including vendor assessments and continuous monitoring
- Support incident response governance activities, including regulatory coordination and crisis management participation
- Lead cybersecurity awareness initiatives, phishing simulations, and workforce training programs
- Define and implement enterprise strategies for data classification, data handling, and data loss prevention
- Mentor and develop cybersecurity professionals while fostering accountability and continuous improvement across the team
- Collaborate cross‑functionally with IT, legal, procurement, audit, and executive leadership teams to improve security maturity
- Hybrid work environment with a combination of onsite and remote work flexibility
- Occasional travel may be required based on business needs
- Availability for after‑hours incident response support is expected
- Level and title may be adjusted based on experience and qualifications
- Comprehensive benefits package available, including health coverage, paid leave, career development opportunities, and wellness programs
- Equal opportunity employer committed to fostering an inclusive and collaborative workplace culture
W2 employees of Overture Partners who work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), 401(k) starting on day one, a variety of voluntary benefits including life and disability insurance, and sick time if required by law in the worked‑in state/locality.