
Manager Cybersecurity Governance, Risk & Compliance

Job Description
Summary:
This role is responsible for leading the Cybersecurity Governance, Risk, & Compliance function, with responsibility for a risk-based compliance program that integrates Assessment & Authorization (A&A/RMF), policy and planning, and continuous monitoring across on-premises and cloud environments. The role coordinates security control assessments and system authorizations per NIST RMF practices and develops and maintains cybersecurity policy and governance to ensure alignment with enterprise goals and regulatory obligations (e.g., SOX, NIST 800-NNN, ISO/IEC 27001, privacy laws). Primary alignment is to the NICE Systems Authorization and Cybersecurity Policy & Planning work roles, with additional responsibilities consistent with the Authorizing Official/Designating Representative role for risk acceptance and accreditation decisions.
Essential Functions:
- Lead the enterprise Assessment & Authorization (A&A) lifecycle (categorization, control selection/implementation, assessment, authorization, and continuous monitoring) using the NIST RMF and organizational procedures.
- Oversee and perform security control assessments; document results, identify systemic issues, and track remediation to closure.
- Prepare, review, and maintain authorization packages (e.g., SSP, SAR, POA&M); recommend risk disposition and authorization decisions.
- Develop, publish, and maintain cybersecurity policies, standards, and implementation guidelines; ensure policy alignment to business objectives and regulations.
- Establish compliance metrics and executive reporting (e.g., control effectiveness, residual risk trends, time-to-remediate, audit closure rate); drive continuous improvement.
- Coordinate internal/external audits; design and implement independent audit processes for applications, networks, and systems; validate corrective actions.
- Govern third-party / supplier compliance (security and privacy requirements, contractual clauses, assessments) and track risk treatment.
- Advise leadership on risk acceptance and authorization determinations; ensure decisions reflect organizational risk tolerance and mission impacts.
- Integrate policy, standards, and A&A activities with security architecture/engineering and IT operations to embed compliance by design.
- Monitor emerging regulations and technologies; update policy and control baselines accordingly.
Qualifications:
- Bachelor's degree in information systems, computer science, cybersecurity, or related field (or equivalent experience).
- Certifications: CISA, CISM, CRISC, CIPM, CGEIT, or CISSP (preferred).
- 5+ years in IT Compliance / GRC, including RMF-based A&A, policy governance, audit management, and third-party risk.
- Hands-on experience with NIST control baselines, ISO/IEC 27001 controls, SOX ITGCs, and privacy obligations.
- Experience with GRC platforms, evidence automation, and cloud compliance tooling.
- Strong leadership, stakeholder communication, and executive reporting skills.
