Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.Business Wire, a Berkshire Hathaway company, is a trusted brand and a global leader in regulatory and financial filings, as well as press release distribution. We are committed to delivering secure and reliable software solutions to our stakeholders and customers, and we are seeking an experienced Senior GRC Manager to lead and elevate our organization's governance, risk management, and compliance audit efforts. In this key role, you will drive the design and implementation of robust risk management frameworks, oversee security awareness programs, manage vendor assessments, and ensure the successful execution of internal and regulatory security audits. Your leadership will be instrumental in enhancing our security posture, ensuring alignment with industry standards, and fostering a culture of security consciousness.
What You Will Do
- Lead the development and execution of an enterprise-wide security risk management framework, encompassing risk identification, assessment, prioritization, and mitigation strategies.
- Provide coaching, management, and guidance to the GRC team, fostering their professional growth and development.
- Design and execute comprehensive security awareness and training programs to promote a culture of vigilance and security consciousness among employees.
- Manage the end-to-end vendor assessment process, evaluating third-party security risks, conducting assessments, and ensuring ongoing compliance.
- Plan, coordinate, and oversee internal and regulatory security audits, collaborating with cross-functional teams to meet compliance requirements.
- Drive customer audit engagements by providing transparent and comprehensive responses to security inquiries, showcasing our dedication to security best practices.
- Conduct thorough business impact assessments, identifying critical assets, assessing potential impact scenarios, and recommending risk mitigation strategies.
- Establish and monitor key risk indicators (KRIs) and key performance indicators (KPIs), providing insights to senior leadership to facilitate informed decision-making.
- Cultivate strong partnerships with cross-functional teams, serving as a trusted advisor and leveraging expertise to drive security initiatives.
- Create and present executive-level dashboards and reports, effectively communicating the state of security risk, compliance, and mitigation efforts.
- Demonstrate excellent presentation skills, conveying complex GRC concepts to diverse audiences, both technical and non-technical.
- Develop and maintain collaborative relationships with customers, external partners, regulatory bodies, and auditors, ensuring successful audits and compliance assessments.
- Improve and mature security policies, standards, and guidelines.
What You Will Need
- Bachelor’s degree in information security, Business Administration, or a related field; advanced degree preferred.
- Minimum of 10 years of progressive information security experience, with a minimum of 5 years in GRC management roles.
- Proven ability to design and implement risk management frameworks, security awareness programs, and vendor assessment processes.
- Extensive experience planning, executing, and evaluating internal and external security audits, with a solid understanding of regulatory compliance (e.g., GDPR, ISO 27001, SOC 2).
- Strong analytical skills, adept at conducting comprehensive business impact assessments and translating findings into actionable risk mitigation strategies.
- Excellent communication skills, both written and verbal, with the ability to convey complex security and compliance concepts effectively
- Track record of successful collaboration with internal teams, vendors, auditors, and customers to ensure alignment and excellence in security practices.
- Professional certifications such as CISSP, CISM, CRISC, or relevant GRC certifications are highly desirable and preferred.
- Experience in developing and presenting executive-level dashboards, metrics, and reports that effectively communicate the state of security and compliance efforts.
- Proven coaching and leadership skills, with a track record of guiding and mentoring a team to achieve exceptional performance.
- As a Senior GRC Manager, your strategic mindset, leadership, and dedication to excellence, combined with your ability to provide executive-level insights and coaching, will contribute to the safeguarding of our assets, data, and reputation. Join us in this pivotal role and be part of a team committed to achieving security and compliance excellence.
- Business Wire will not sponsor a new applicant for employment authorization for this position.
What we Offer
A pre-employment background check will be required after the acceptance of an offer.
- The base salary range for this position is $150K to $190K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.
- Business Wire’s total rewards include:
- Ability to work remotely
- Excellent health benefits that begin on your first day of employment
- $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
- 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
- PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!
Business Wire is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Business Wire will also consider for employment qualified applicants with arrest and conviction records.