Sr Manager, InfoSec Governance Risk and Compliance (GRC)
About the role
CONTEXT: Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua's Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE: We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

- Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
- Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
- Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
- Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
- Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
- Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua's security posture to prospects and customers.
- Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
- Lead the Security Awareness and Training program to promote a culture of security across the organization.
- Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
- Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
- Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you: