
Manager, IT & Cybersecurity GRC
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Lead and implement the IT SOX program, encompassing annual scoping, risk assessments, control design, testing strategies, and remediation of deficiencies.
• Take ownership of and enhance the IT General Controls (ITGC) framework (Access, Change Management, Operations, SDLC) to ensure alignment with SOX and COSO standards.
• Act as the main point of contact for Internal and External Audit, promoting efficient audit execution and ensuring high-quality results.
• Collaborate closely with Finance and Internal Audit to co-create control narratives, conduct risk assessments, and prepare materials for the audit committee.
• Advance the Enterprise Risk Management (ERM) program for IT and cybersecurity risks, including leading cross-functional risk workshops and maintaining the enterprise risk register.
• Translate technical risks into business-relevant terms and deliver clear reports to executive stakeholders, including the CIO and the Audit Committee.
• Oversee risk lifecycle processes including risk identification, assessment, mitigation planning, and continuous monitoring.
• Establish and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to evaluate program effectiveness and guide decision-making.
• Draft and maintain IT and cybersecurity policies, standards, and procedures to ensure compliance with regulatory and industry frameworks.
• Assess and integrate GRC tools, automation, and analytics to improve control monitoring and reporting capabilities.
• Review and evaluate third-party risk using SOC 1/SOC 2 and other service-provider assurance reports.
• Lead and nurture a small team (or provide functional leadership), promoting growth, accountability, and high performance.
• Spearhead cross-functional initiatives and special projects that enhance governance, risk posture, and operational resilience.
• 6+ years of progressive experience in integrated audit, regulatory compliance, cybersecurity GRC, or risk management.
• Proven experience in owning and executing IT SOX / ITGC programs within a public company or a SOX-regulated setting.
• Practical experience with risk management frameworks (COSO, NIST RMF, ISO 27001/27005 or similar).
• Demonstrated ability to lead cross-functional initiatives and achieve alignment among Finance, Audit, Engineering, and Security teams.
• Experience managing audits and serving as the primary liaison for auditors.
• Strong analytical and problem-solving capabilities with the skill to assess complex risks and design effective controls.
• Background in mentoring or leading others, with a proven track record of developing talent and fostering strong team engagement.
• Bachelor’s Degree in Accounting, Information Systems, Cybersecurity, or a related discipline.
• Competitive compensation and benefits.