Senior Manager – Cybersecurity & Governance, Risk & Compliance (GRC)

We are seeking an experienced Senior Manager, Cybersecurity & Governance, Risk & Compliance (GRC) to lead and mature our enterprise cybersecurity governance, risk management, compliance, and security assurance programs. This role is responsible for ensuring cybersecurity risks are effectively identified, managed, and communicated while maintaining compliance with regulatory requirements and industry security frameworks.

The Senior Manager will partner closely with Security Operations, IT, Legal, Privacy, Internal Audit, business leaders, and third-party providers to strengthen the organization's security posture, drive risk-based decision-making, and support business objectives. This position combines strategic leadership with operational oversight across governance, compliance, risk management, incident management, and vendor security programs.

• Lead the enterprise cybersecurity governance framework, including policies, standards, controls, and procedures.
• Drive cybersecurity strategy and roadmap initiatives aligned with business goals and risk tolerance.
• Provide leadership with visibility into cybersecurity posture, risks, compliance status, and program effectiveness.
• Lead governance committees and facilitate cross-functional cybersecurity initiatives.

• Conduct enterprise cybersecurity risk assessments and oversee risk treatment activities.
• Maintain the cybersecurity risk register and monitor remediation efforts.
• Evaluate emerging threats, vulnerabilities, and business impacts.
• Perform security reviews for new technologies, projects, and strategic initiatives.
• Lead third-party and vendor security risk assessments and due diligence activities.

• Manage cybersecurity compliance programs aligned with frameworks and regulations.
• Coordinate internal and external audits and oversee remediation of audit findings.
• Ensure security controls, documentation, and evidence repositories support ongoing compliance requirements.
• Monitor and report compliance performance and remediation progress.

• Partner with Security Operations teams and external providers to strengthen monitoring, threat detection, incident response, and vulnerability management programs.
• Review significant cybersecurity incidents, root cause analyses, and corrective action plans.
• Participate in incident response exercises, tabletop simulations, and post-incident reviews.
• Drive continuous improvement of security controls, detection capabilities, and response processes.
• Monitor security metrics, KPIs, KRIs, and operational reporting.

• Manage relationships with MDR, MSSP, SOC-as-a-Service, and other cybersecurity service providers.
• Review vendor assessments, SOC reports, penetration test results, and compliance documentation.
• Ensure third-party providers meet security, compliance, and contractual obligations.
• Lead vendor risk remediation and ongoing security performance reviews.

• Lead and mentor cybersecurity governance, risk, and compliance professionals.
• Partner with IT, Security, Legal, Privacy, HR, Audit, and business leaders to address cybersecurity risks and compliance requirements.
• Present cybersecurity risks, compliance status, audit results, and strategic recommendations to senior leadership and governance committees.
• Serve as a trusted advisor on cybersecurity governance, risk management, and regulatory compliance.

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• 12+ years of experience in cybersecurity, information security, risk management, compliance, audit, or security operations.
• 3+ years of leadership or people management experience.
• Experience supporting or partnering with Security Operations (SOC) teams and incident response programs.
• Strong knowledge of cybersecurity frameworks, governance models, and risk management methodologies.
• Experience leading compliance initiatives, audits, and remediation programs.
• Experience managing third-party security assessments and vendor risk programs.
• Strong executive communication, stakeholder management, and presentation skills.

• Experience with Microsoft security and compliance technologies, including Microsoft Purview and Microsoft Sentinel.
• Experience working with SIEM, SOAR, EDR, MDR, vulnerability management, and GRC platforms.
• Experience within regulated or compliance-driven industries.
• Master's degree in a related discipline.

The base salary range for this role is $133,200 to $199,800.  This base salary range represents the low and high end of the base salary range for this position. Actual base salary offered will vary based on various factors including but not limited to location, level, job-related knowledge, skills, experience, and performance.

This job description describes the general nature and level of work expected of a person assigned to this position. All job requirements listed indicate the minimum level of knowledge, skills and/or ability deemed necessary to perform the job proficiently. Employees may be required to perform any other job-related duties as requested by their supervisor.

It is the policy of FORTNA and its affiliated companies to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, pregnancy or pregnancy-related condition, status with regard to public assistance, veteran status, citizenship status (if authorized to work in the U.S.), or any other characteristic protected by federal, state or local law. In addition, FORTNA will provide reasonable accommodations for qualified individuals with disabilities.