We are looking for a Senior Manager of Enterprise Governance & Assurance to lead, shape, and evolve our enterprise security governance, assurance, and risk management programs. In this role, you will lead a team of security professionals dedicated to enhancing our security posture and ensuring compliance with internal policies and external regulations.
As a Senior Manager, you will be instrumental in developing and implementing strategic initiatives to strengthen our security posture, manage risks effectively, and ensure adherence to relevant regulatory requirements and industry best practices. Your expertise will guide the team in conducting comprehensive security assessments, developing robust policies, and fostering a culture of security awareness across the organization.
This is an exciting opportunity to make a significant impact by driving the strategic direction of our security governance and assurance efforts in a dynamic and innovative environment.
What you will do:
- Lead, mentor, and grow a team of security governance and assurance professionals, fostering a culture of continuous improvement and professional development.
- Develop and implement a comprehensive enterprise security governance framework, ensuring alignment with industry best practices and regulatory requirements.
- Oversee the design, implementation, and continuous improvement of security policies, standards, and guidelines across the enterprise.
- Establish and manage a robust security assurance program, including internal and external audits, assessments, and reviews to validate the effectiveness of security controls.
- Drive the maturation of our enterprise security risk management program, including risk identification, assessment, mitigation, and reporting processes.
- Collaborate with legal, privacy, and compliance teams to ensure adherence to relevant laws, regulations, and contractual obligations (e.g., GDPR, CCPA, SOC 2, ISO 27001).
- Provide expert guidance and consultation on security governance, risk, and compliance matters to various stakeholders, including executive leadership, product teams, and engineering.
- Prepare and present regular reports on the state of security governance, assurance, and risk to senior management and relevant committees.
- Stay abreast of emerging security threats, technologies, and regulatory changes, incorporating relevant updates into our governance and assurance strategies.
- Foster strong relationships with internal and external auditors, regulators, and other third-party assurance providers.
Who you are:
- A seasoned security professional with 10+ years of experience in information security, with at least 5 years in a leadership role focused on security governance, risk management, and compliance.
- Demonstrated experience building and scaling enterprise-level security governance and assurance programs in complex, global environments.
- Deep understanding of security frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT) and regulatory requirements (e.g., GDPR, CCPA, SOC 2, PCI DSS).
- Proven track record of successfully managing and developing high-performing teams.
- Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
- Strong analytical and problem-solving abilities, with a keen eye for detail and a proactive approach to identifying and mitigating risks.
- Relevant certifications such as CISM, CISSP, CRISC, or CISA are highly desirable.
- Experience with cloud security and compliance (e.g., AWS, Azure, GCP) is a plus.
