GRC Program Manager

Abnormal Security
Summary
Join Abnormal Security as a GRC Program Manager to support the GRC team and programs, facilitating information security and data governance processes. You will play a critical role in executing GRC programs, improving program/project management and reporting, and coordinating with other program managers. This position involves owning select GRC operations, developing and maintaining documentation, and acting as a project manager for critical GRC projects. The ideal candidate possesses proven program and project management skills, understands GRC principles, and can effectively communicate with technical and non-technical audiences. You will be responsible for developing program plans, defining goals, and overseeing program performance. This role requires strong communication and collaboration skills to ensure alignment across teams and effective reporting to senior management.
Requirements
- 4+ years in a program manager role assigned to GRC, Security, or a team in a related field
- Bachelor's degree or equivalent experience
- Proven experience leading complex technical programs and successfully executing projects with an emphasis on delivering results
- Strong understanding of security concepts and practical usage
- Strong understanding of basic governance, risk management, and compliance concepts and requirements
- A solid grasp of audit, security, financial, and operational internal control methodologies and terminology (e.g., COSO)
- Ability to effectively communicate governance, risk, and compliance program performance to management
- Familiarity with project management tools, ServiceNow, and Jira
Responsibilities
- Develop program plans, define program goals, objectives, deliverables, and success criteria
- Develop frameworks and best practices for projects and operations
- Oversee program/project/process performance
- Ensure program activities align with strategy and manage the timely and high-quality execution of GRC landmarks
- Work with project managers to develop project plans
- Design and manage program/project reporting for varying levels of audience
- Coordinate with other program managers to ensure consistency across programs/projects within the InfoSec organization
- Drive program maturity growth through development of program maturity models and maturity roadmap; track progress
- Direct project management of critical projects for GRC projects or cross-functional projects identified through GRC Programs
- Drive remediation and mitigation activities, also known as issues management, through development of tracking, update, and progress reporting processes for projects identified by GRC programs related to remediation and mitigation
- Lead GRC Documentation Management including maintaining document templates, overall document structure, and content requirements. Develop and maintain documentation for the team, programs, and projects
- Lead select GRC operations as assigned by the Director of GRC
- Support GRC planning activities for strategic, annual, and quarterly planning, including cross-functional planning coordination
- Maintain regular, clear communication with project teams, key partners, and management regarding the status of programs, projects, owned processes and issues management
- Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners
Preferred Qualifications
- PMP, CRISC, CISSP, CISA, or CISM certification(s)
- Prefer a degree in information assurance, computer science, information security, or business
- Experience preferably at a technology or SaaS / Cloud and/or with a regulated public company
- Big 4 experience
- Familiarity with Governance Risk Compliance (GRC) tools, Drata
Benefits
- Bonus
- Restricted stock units (RSUs)
