Our leading financial services client is looking for a permanent resource to join their team as an Information Security Governance, Risk, and Compliance (GRC) Manager.
In this role, you’ll be a key member of the Information Security team, reporting to the Senior Manager, and will take ownership of the organization’s GRC program. You’ll lead efforts to ensure the protection, compliance, and ongoing integrity of information assets—managing everything from ISO 27001 certification to SOC2 audits, day-to-day risk assessments, internal controls, and compliance strategy. You’ll also oversee the enterprise’s physical security program across multiple sites.
Responsibilities:
- Lead the development and execution of the GRC strategy, including governance frameworks and risk assessments.
- Continuously improve the Information Security Management System (ISMS), ensuring alignment with ISO 27001 and other standards.
- Work with internal teams to advise on effective controls and manage risk response strategies.
- Maintain ongoing compliance with SOC2, ISO 27001, and other applicable regulations.
- Prepare and support both internal and external audits, including documentation, gap assessments, and vendor evaluations.
- Keep security policies and procedures up to date and aligned with industry best practices.
- Support the vendor management team by evaluating and monitoring third-party security risks.
- Manage physical security governance and assessments for all company locations.
- Stay on top of industry trends and proactively recommend enhancements to the GRC and security posture.
- Identify and respond to new requirements by collaborating with technical and business stakeholders.
Skills & Experience:
- Bachelor’s degree in Computer Science, Information Security, or equivalent (Master’s preferred).
- 6+ years of GRC management experience in a mid-to-large organization, ideally in financial services.
- Relevant certifications such as CISSP, CISA, CISM, or ISO 27001 are preferred.
- Hands-on experience with ISO 27001 and SOC2 audits, policy development, and risk frameworks.
- Strong knowledge of both cybersecurity and physical security principles.
- Proven ability to work cross-functionally with business and IT leaders.
Work Environment:
We’re an equal opportunity employer committed to increasing diversity and inclusion in today’s workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Minorities, women, LGBTQ candidates, and individuals with disabilities are encouraged to apply. If you require an accommodation, please review our accessibility policy and reach out to our accessibility officer with any questions.