✦ Luna Orbit — Cybersecurity

Sr. Manager of Cybersecurity Governance, Risk Mgmt & Compliance

at United Rentals

📍 2 Locations Hybrid Posted April 03, 2026
Type Not Specified
Experience senior
Exp. Years 10+ years
Education Not Specified
Category Cybersecurity

Lead the firm's cybersecurity GRC (Governance, Risk Management & Compliance) program, owning the multi-year GRC strategy, budget, and Board liaison to mature policy, standards, and regulatory compliance across the organization.

  • Policy governance and standards; Strategic planning and budgeting; Compliance & data privacy; Risk management & reporting; Third-party & vendor risk management

Oversees policy governance, risk management, and compliance programs aligned to ISO 27001 and NIST CSF; manages regulatory requirements (GDPR, CMMC/DFARS, CCPA/CPRA, SOX) and third-party risk; leads adversarial readiness and data privacy initiatives.

The ideal candidate is a mid-to-senior level GRC leader with 10+ years in cybersecurity and governance, risk, and compliance programs, capable of aligning security investments to business objectives and reporting to the Board.

GRC, Governance, Risk Management, Compliance, Data Privacy, GDPR, CMMC, DFARS, CCPA/CPRA, SOX, ISO 27001, NIST CSF, KRIs, KPIs, Third-Party Risk Management, Incident Response, Red Team, Security Training, Budget Management, Board Reporting

NIST Cybersecurity Framework, ISO 27001, GDPR, PCI DSS, DFARS/CMMC, CCPA/CPRA, SOX, KRIs, KPIs, Risk Management, Third-Party Risk Management, Incident Response, Penetration Testing, Policy Governance, Training & Awareness

Leadership, Strategic Planning, Budget Management, Communication, Executive Liaison, Collaboration

Required

  • CRISC (Certified in Risk and Information Systems Control)
  • CGEIT (Certified in the Governance of Enterprise IT)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)

Preferred

  • CISSP (Certified Information Systems Security Professional)

Industry Logistics
Job Function Own and mature the organization’s GRC program and data privacy posture, aligning security investments to business objectives and reporting to executive leadership.
Role Subtype GRC Manager
Tech Domains Cybersecurity
GRC, Governance, Risk Management & Compliance, NIST Cybersecurity Framework, ISO 27001, GDPR, DFARS/CMMC, CCPA/CPRA, SOX, CRISC, CGEIT, CISM, CISA, CISSP, vendor risk management, privacy, data privacy, board liaison, budget management, policy governance, data classification, DLP, NIST CSF

Less than 10 years in cybersecurity, No leadership experience in GRC, No experience with GDPR/CCPA/DFARS/CMMC
