- Evaluate, interpret, and ensure clarity of audit, compliance, and risk obligations and objectives.
- Develop and manage the comprehensive GRC Program, integrating and leading Audit and Compliance, TPRM, and Cybersecurity Risk to ensure delivery of a cohesive GRC Program.
- Collaborate with Senior Leadership to align GRC initiatives with organizational objectives.
- Support implementation of GRC frameworks, policies, and best practices.
- Establish strategic partnerships and cross-organizational relationships with control owners, second line of defense, Enterprise Risk, privacy leaders, and others to enable GRC program effectiveness.
- Develop the GRC Program Roadmap highlighting opportunities and recommendations for continuous GRC Program improvement.

- Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field
- One or more professional certifications: CISA, CISSP, CRISC, CISM, CGEIT, or equivalent
- 7+ years in a Cybersecurity, GRC, or IT Risk Management role, with at least 3 years in a program management capacity
- One or more professional certifications: CISSP, CISA, CRISC, PCI QSA, CISM, or equivalent
- Effective communication, presentation, interpersonal relationship building, and business acumen
- Strong understanding and application of risk management frameworks and security/regulatory control frameworks, including SOX, PCI-DSS, GDPR, NIST 800-53, NIST CSF, NIST RMF, NIS2, and similar frameworks
- Proven ability to manage complex, large-scale projects
- Strong leadership, problem-solving, and decision-making abilities
- Attention to detail and the ability to work independently and collaboratively
- Ability to remove obstacles, enforce compliance objectives, and drive stakeholders to ensure timely delivery of GRC services
- Ability to manage competing priorities and comfort working through ambiguity
- Experience in a hybrid/cloud infrastructure environment with complex regulatory requirements
- Experience with GRC tools and platforms
- Familiarity with project management practices and techniques
- Experience working in a matrixed, cross-functional environment within a service organization
- Experience in a client-facing role
- Graduate degree preferred

- Maintain awareness of the annual internal audit plan.
- Drive the collection and management of audit evidence, ensuring adherence to regulatory requirements for internal and external inspection: SOX, PCI, GDPR, CCPA, and other frameworks.
- Participate in the audit lifecycle and engage with auditor(s) to address scope creep, unwarranted audit findings, and other issues or escalations.
- Drive remediation of audit findings and provide guidance on the development of a formal management response, remediation plan approval, control validation, and closure of findings.
- Serve as the escalation point of contact for the Audit and Compliance service.
- Ensure cross-functional collaboration to address identified control gaps or weaknesses.
- Provide oversight of the automated Third-Party Risk Management (TPRM) function, ensuring the identification, assessment, and mitigation of risks associated with vendors.
- Develop and present executive-level reports, dashboards, and metrics that provide insights into audit and compliance, risk posture, GRC Program effectiveness, and progress toward initiatives.