Immediate Interview - Cyber Security Program Manager – GRC, ISO & Risk Management || (Onsite), California


Allen Chris || Smartsoft International

Jun 22, 2026, 1:39:00 PM (11 hours ago) Jun 22
to Allen Christopher

Dear Vendor,

Hope you are doing well.

Job Title: Cyber Security Program Manager – GRC, ISO & Risk Management
Location: California (Onsite)
Experience: 15+ Years
Job Summary
We are seeking an experienced Cyber Security Program Manager to lead enterprise-wide Governance, Risk, and Compliance (GRC) initiatives, with a strong emphasis on ISO 27001 implementation, risk management, and security governance frameworks. This role will drive security programs, ensure regulatory compliance, and enhance organizational security maturity across global operations.
Key Responsibilities
  • Lead and manage enterprise Cyber Security GRC programs aligned with business and regulatory requirements.
  • Drive ISO 27001 implementation, certification, and continuous improvement of the Information Security Management System (ISMS).
  • Develop and implement risk management frameworks, including risk identification, assessment, mitigation, and reporting.
  • Ensure compliance with industry standards such as ISO 27001, NIST CSF, NIST 800-53, and regulatory requirements.
  • Lead internal and external audits, including ISO certification audits and compliance assessments.
  • Establish and track security KPIs, KRIs, and governance metrics.
  • Develop, review, and enforce security policies, standards, and procedures.
  • Collaborate with cross-functional teams (IT, Legal, Risk, Compliance, and Business Units) to ensure governance alignment.
  • Provide executive-level reporting on risk posture, compliance status, and audit findings.
  • Drive security maturity model implementation (e.g., CMMI / CMMC) and continuous improvement initiatives.
Required Skills & Qualifications
  • 12+ years of overall IT experience with strong expertise in Cyber Security GRC, ISO, and Risk Management.
  • Proven experience in ISO 27001 implementation and certification lifecycle management.
  • Deep understanding of:
    • Governance, Risk & Compliance (GRC) frameworks
    • Risk assessment and mitigation methodologies
    • Policy and control framework design
  • Hands-on experience with NIST CSF, NIST 800-53, and similar frameworks.
  • Strong experience in audit management, compliance reporting, and regulatory adherence.
  • Experience managing enterprise-wide security programs and stakeholders.
  • Excellent communication, leadership, and stakeholder management skills.
GRC, ISO & Risk Management Expertise
  • Expertise in ISO 27001 implementation, ISMS design, and audit readiness.
  • Strong background in enterprise risk management and governance frameworks.
  • Experience with GRC tools and platforms.
  • Knowledge of security maturity models (CMMI / CMMC) and implementation practices.
  • Ability to define and enforce organizational security governance structures.
Required Certification
  • ISO 27001 Lead Implementer / Lead Auditor
Regards
Allen Chris

Email is the best way to reach me.

CONNECT WITH ME ON: Linked-IN
