×
Register Here to Apply for Jobs or Post Jobs. X

Senior Manager, Information Security GRC

Job in Southlake, Tarrant County, Texas, 76092, USA
Listing for: Greystar
Full Time position
Listed on 2026-07-04
Job specializations:
  • IT/Tech
    Information Security, Cybersecurity, Data Security, IT Consultant
Job Description & How to Apply Below

Senior Manager, Information Security GRC

The Senior Manager, Information Security GRC owns the strategy, execution, and continuous improvement of Greystar's Global Information Security Governance, Risk, and Compliance program. This role builds and leads the GRC function - developing internal team capability and directing third-party partners - and is accountable for the frameworks, processes, and reporting that govern security risk, regulatory compliance, third-party risk, and security awareness across the enterprise.

The Senior Manager sets the GRC program roadmap, advises senior leadership on the organization's risk posture, and partners across the business to preserve the availability, integrity, and confidentiality of Greystar and customer information in compliance with applicable information security laws, policies, and standards. Reports to the Information Security Officer (or CISO).

Leadership and Strategy
  • Own the GRC program roadmap and strategy, setting priorities, objectives, and maturity goals aligned with business and security objectives.
  • Build and lead the GRC function, growing internal team capability while directing third-party partners to deliver against program objectives.
  • Advise the Information Security Officer and senior leadership on enterprise security risk posture, emerging threats, and regulatory exposure.
  • Establish and report program metrics, dashboards, and KPIs that communicate GRC program health to senior leadership and the board.
Governance and Compliance
  • Own the information security policy framework, including development, approval, enforcement, and periodic review of policies, standards, and procedures for global locations.
  • Direct the monitoring of changes in laws, regulations, and industry standards affecting information security (e.g., NIST, ISO 27001, PCI DSS, SOX, GDPR, CCPA), and oversee translation of those changes into actionable business requirements.
  • Oversee compliance assessments and maintain the organization's compliance posture across applicable frameworks and regulations.
  • Build and mature AI governance practices, applying emerging frameworks such as ISO 42001 and the NIST AI RMF.
Risk Management
  • Lead the enterprise information security risk management program, including risk assessments across business units, applications, infrastructure, and processes; the risk register; and risk treatment planning.
  • Drive remediation of identified risks, partnering with control owners and holding the program accountable for closure.
  • Own the third-party risk management program, including pre-contract security due diligence, recurring vendor risk reviews, the vendor risk inventory, and remediation tracking.
Audit and Controls
  • Oversee responses to client, regulator, and internal audit requests, including security questionnaires (SIG, CAIQ), evidence collection, and findings remediation.
  • Direct periodic audits of internal control systems to ensure access levels, segregation of duties, and configuration baselines remain appropriate, and lead the response to audit findings requiring action.
  • Oversee periodic user access and privileged access reviews across in-scope systems and applications, ensuring timely remediation of inappropriate or excessive access.
  • Partner with Legal, Privacy, and other stakeholders on Electronically Stored Information (ESI) requests, including identification, preservation, collection, and chain-of-custody documentation in support of legal holds, investigations, and regulatory inquiries.
Awareness and Platform
  • Own the enterprise security awareness program, including training curricula and ongoing awareness communications that promote secure behavior across the organization.
  • Oversee the phishing simulation program, including campaign strategy, results analysis, and remediation training.
  • Direct administration and enhancement of the enterprise GRC platform, including workflow configuration, control library maintenance, reporting, and user support.
Qualifications
  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field, or equivalent work experience.
  • Eight or more years of progressive experience in information security, with at least four years focused on GRC, risk, audit, or compliance.
  • Two or more years of direct people-management experience leading security, risk, or compliance teams.
  • Demonstrated experience building, operating, and maturing an enterprise risk management program, including risk assessments, risk registers, and risk treatment planning.
  • Demonstrated experience owning a third-party risk management program, including vendor security assessments and due diligence.
  • Strong working knowledge of security frameworks and standards including ISO 27001, SOC 2, NIST 800-53, and GDPR.
  • Familiarity with cloud environments (AWS, GCP, Azure) and their risk and compliance implications.
  • Familiarity with AI governance concepts and emerging frameworks (ISO 42001, NIST AI RMF), or a demonstrated ability to learn and apply new frameworks quickly.
  • Strong…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary