GRC Program Manager

About the Role

Abnormal Security is looking for a GRC Program Manager (Governance, Risk, and Compliance) to support the GRC team and programs. The GRC team aims to facilitate information security and data governance processes, enable risk-based decision-making, and deliver a compliance foundation to achieve and maintain compliance certifications.

This role will play a critical part in the successful execution of GRC programs and driving the achievement of program objectives. The role will be focused on owning and improving program/project management and reporting practices across GRC, coordinating and aligning with other organizational program and project managers to implement consistent practices, developing and maintaining team and project documentation, ownership of select GRC operations, facilitating best practices with team internal processes, and supporting the Director of GRC with planning activities. In addition this role will act as project manager for critical GRC projects and cross-functional projects identified through the GRC programs to drive risk reduction across the company.

The ideal candidate will have proven program and project management skills, can design project management and operational processes and scale through continuous improvement, can produce and maintain comprehensive documentation and reporting, and understands the requirements and operations of governance, risk, compliance, customer trust, and privacy programs.

Who you are

• Proven experience leading and scaling programs as a program manager for a GRC or similar team, managing portfolios of projects, and developing and implementing frameworks and best practices.
• Proven experience developing and reporting project and program performance metrics to varying levels of audience.
• Demonstrated experience developing and maintaining technical, procedural, and program/project related documentation .
• Solid technical background with an ability to give instructions to a non-technical audience.
• Hold yourself accountable for high-quality results and meeting deadlines in a fast-paced environment.
• Exercise sound judgment even when faced with ambiguity or competing approaches regarding the best path to success.
• Ability to foster relationships with stakeholders and represent the GRC team across

What you will do

• As a key contributor within GRC, you will own GRC program management such as developing program plans, defining program goals, objectives, deliverables, and success criteria, developing frameworks and best practices for projects and operations, and overseeing program/project/process performance.
• Ensure program activities align with strategy and manage the timely and high-quality execution of GRC landmarks.
• Work with project managers to develop project plans.
• Design and manage program/project reporting for varying levels of audience.
• Coordinate with other program managers to ensure consistency across programs/projects within the InfoSec organization.
• Drive program maturity growth through development of program maturity models and maturity roadmap; track progress.
• Direct project management of critical projects for GRC projects or cross-functional projects identified through GRC Programs.
• Drive remediation and mitigation activities, also known as issues management, through development of tracking, update, and progress reporting processes for projects identified by GRC programs related to remediation and mitigation.
• Lead GRC Documentation Management including maintaining document templates, overall document structure, and content requirements. Develop and maintain documentation for the team, programs, and projects.
• Lead select GRC operations as assigned by the Director of GRC.
• Support GRC planning activities for strategic, annual, and quarterly planning, including cross-functional planning coordination.
• Maintain regular, clear communication with project teams, key partners, and management regarding the status of programs, projects, owned processes and issues management.
• Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to senior management both within Security and to our business partners.

Must Haves

• 4+ years in a program manager role assigned to GRC, Security, or a team in a related field
• Bachelor’s degree or equivalent experience
• Proven experience leading complex technical programs and successfully executing projects with an emphasis on delivering results.
• Strong understanding of security concepts and practical usage
• Strong understanding of basic governance, risk management, and compliance concepts and requirements
• A solid grasp of audit, security, financial, and operational internal control methodologies and terminology (e.g., COSO)
• Ability to effectively communicate governance, risk, and compliance program performance to management
• Familiarity with project management tools, ServiceNow, and Jira

Nice to Haves

• PMP, CRISC, CISSP, CISA, or CISM certification(s)
• Prefer a degree in information assurance, computer science, information security, or business.
• Experience preferably at a technology or SaaS / Cloud and/or with a regulated public company
• Big 4 experience
• Familiarity with Governance Risk Compliance (GRC) tools, Drata

At Abnormal AI, certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits. Individual compensation packages are based on factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons. We know that benefits are also an important piece of your total compensation package. Learn more about our Compensation and Equity Philosophy on our Benefits & Perks page.

Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.