Information Security GRC Manager

Clear Capital | CubiCasa
$150,000 - $200,000

About The Position

The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC program. This role is responsible for the day-to-day management of GRC analysts, driving compliance initiatives, managing the integrated risk assessment lifecycle, and ensuring control effectiveness. The Manager will serve as a key point of contact for internal business units and external auditors, directly supporting the strategic directives set by program leadership. The position requires a proven ability to lead teams, implement policy, and translate complex security and compliance requirements into clear business actions.

Requirements

  • 7+ years of experience in cybersecurity, with a focus on governance, compliance, risk management, or audit.
  • 3+ years of demonstrated experience managing or leading a distributed or hybrid team.
  • Expert-level understanding of major regulatory frameworks and standards, including but not limited to NIST, ISO, GDPR, and GLBA.
  • Proven ability to manage GRC-related projects and work with cross-functional stakeholders to deliver outcomes on time and within scope.
  • Strong technical acumen in cloud computing security (AWS, GCP, or Azure), DevOps, and application security.
  • Exceptional written and verbal communication skills, with the ability to articulate security risk and compliance requirements to technical staff and business leadership.
  • Prior experience in defining metrics, preparing management reports, and implementing process improvements using GRC tools.
  • Bachelor’s degree in computer science, information assurance, MIS, or a related technical field, or equivalent practical experience.
  • Holds or is actively working toward one or more of the following: CISSP, CISM, CISA, CRISC, or CGRC.

Nice To Haves

  • Demonstrated experience in conducting tabletop exercises for business continuity is preferable.

Responsibilities

  • Manage and mentor a team of GRC Security Analysts, providing clear direction and facilitating continuous professional development.
  • Oversee and execute the security risk assessment process, including identifying, analyzing, and documenting emerging and ongoing risks across the organization and its third parties.
  • Lead efforts to document, enforce, and communicate security policies and control frameworks that are aligned with key regulations and standards (e.g., NIST, ISO, GDPR, GLBA).
  • Develop, implement, and maintain security policies and controls specifically for the safe and ethical deployment and use of artificial intelligence (AI) systems.
  • Act as the primary operational liaison for internal and external audits, coordinating the collection of evidence, tracking the resolution of findings, and ensuring sustained audit readiness.
  • Provide direct support to the third-party risk management program, ensuring rigorous security review of vendors and business partners to mitigate external risk.
  • Facilitate IT compliance activities, focusing on the operational effectiveness of technical and general IT controls.
  • Collaborate with business units and technical teams to ensure adequate security controls are available and implemented during the onboarding of new solutions and systems.
  • Define and track qualitative and quantitative metrics to measure the success and maturity of the security program, reporting regularly to program leadership.
  • Support incident response and disaster recovery efforts, ensuring GRC documentation and controls are properly applied to corporate resiliency programs.
  • Ensure the protection of critical data is maintained through established data classification, data loss prevention (DLP), and records retention requirements.
  • Manage information security training requirements for the organization, including identifying role-based security training for all organizational roles in accordance with each role's capacity to introduce risk in the performance of its duties.

Benefits

  • The base salary for this position ranges from $150,000 to $200,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include a company profit-sharing bonus program, communication stipends, and referral bonuses.
  • Comprehensive medical, dental, and company-paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company-paid short-term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan). We offer company-paid access to Galileo for virtual primary care and Rula for virtual mental health resources.
  • Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team.
  • Career and skill development resources to help advance your career and personal growth.
  • A mission-driven environment where your work makes a measurable impact on the real estate industry.