Manager, IT Cybersecurity (Governance, Risk and Compliance)

The Manager, Global Cybersecurity will be responsible for leading and managing the Mosaic Governance, Risk, and Compliance team. A governance, risk, and compliance (GRC) manager serve as the subject matter expert for companywide GRC initiatives, collaborating closely with Internal audit, Enterprise Risk Management, and other cybersecurity leaders. This role encompasses the development, implementation, and ongoing coordination of enterprise GRC efforts. The GRC manager is responsible for overseeing enterprise-wide cybersecurity risks (including both Information Technology (IT) and Operational Technology (OT), conducting risk analyses and mitigation options, while regularly tracking and reporting to executive leadership. In addition, the manager accepts duties to enforce GRC rigor globally for enterprise-wide obligations. Additionally, this role involves implementing and advancing policies and a comprehensive control framework to execute the GRC strategy. The GRC manager oversees the administration of standards and controls, risk management, third-party risk, security awareness initiatives, IT business continuity and disaster recovery, baseline security controls, and technology compliance initiatives.
This position requires a deep understanding of relevant regulations, risk management methodologies, technical controls, and a proactive approach to addressing both operational and strategic risks. The GRC manager collaborates with a cross-functional team of GRC analysts to evaluate controls, map them to key performance indicators, measure effectiveness and produce timely reports for management. These reports are essential for identifying, evaluating, and reporting on cybersecurity risks that may impact the business, ensuring informed decision-making. Strong business acumen and a diverse technical background are crucial for understanding emerging technologies and legacy systems considered business critical. The GRC manager reports to the Director, IT Cybersecurity.

What will you do?

• Lead organization wide GRC initiatives in partnership with risk management and cybersecurity teams. Oversee all GRC activities and coordinate closely with corporate risk management. Serve as a subject matter expert and trusted advisor for leadership on daily GRC matters. Serve as the primary contact for responding to business unit inquiries regarding IT compliance. Maintain a strategic and comprehensive GRC program that includes policies, standards, processes, and guidelines. Oversee third-party and vendor risk as an integral part of the organization’s risk management strategy. Facilitate training programs to enhance risk and compliance awareness and educate employees.

• Collaborate with IT, legal, finance and operations to develop a cohesive GRC program. Partner with business units during solutions onboarding to ensure adequate controls are in place and enabled. Provide guidance to team members to ensure compliance with relevant laws and regulations. Deliver GRC reports to management, emphasizing compliance status, risk exposure and mitigation efforts. Document GRC activities, policies, assessments, and corrective actions to ensure audit readiness. Motivate functional areas to implement practices that comply with cybersecurity policies and standards.

• Conduct regular risk assessments, analyzing emerging risks across the organization. Coordinate with stakeholders to implement effective risk mitigation strategies. Document, communicate and enforce cybersecurity standards that balance risk with business operations. Oversee the protection of critical data through data classification, DLP and records retention requirements. Provide leadership in collaboration with technical and business teams to strengthen business resiliency. Oversee security systems and configuration administration to reduce risk to systems and accounts.

• Implement process improvements using GRC tools and methodologies to drive productivity gains. Stay updated on regulatory changes and industry standards, such as ISO, NIST, GDPR, HITRUST and HIPAA. Cooperate with internal and external auditors to maintain and implement controls that meet GRC requirements. Appoint a team to monitor priority issues with rigorous documentation and reporting. Guide team to align with security, audit, and risk management efforts in ongoing security program assessments. Regularly traveling to site and office locations for critical initiatives and regular relationship building and team development.

What do you need for this role?

• Bachelor's degree required, Cybersecurity or Information Systems, Computer Science, Information Systems or related field.

• CISM, CISA, CRISC, GGRC or CISSP certification desired

• 7+ years of information technology experience, 5 of which including roles in security analysis, compliance, and risk management.

• Demonstrated experience leading and developing a global, mostly remote team.

• Experience working with third-party vendors and consultants.

• Understanding of frameworks, regulations, and laws such as ISO, NIST, HIPAA, HITRUST, GDPR and LGPD.

• Proficient in GRC tools for tracking and managing compliance, conducting risk assessments and reporting.

• Knowledge of GRC for cloud computing, including validation of security configurations, resiliency and data protection.

• Project management skills for working with stakeholders and completing projects on time and in scope.

• Demonstrated experience conducting tabletop exercises to enhance business resiliency.

• Excellent written and verbal communication skills for both business and cybersecurity contexts.

• Commitment to sharing up-to-date industry knowledge with team to elevate overall GRC program expertise.

• Experience working within blended IT and OT (operational technology)

• Excellent verbal, written, listening  and presentation communication skills

• Ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding

• Experienced in using knowledge to create value

• Strong organizational and planning skills as well as attention to detail

• Ability to handle highly confidential and sensitive information

• Ability to effectively work and create effective partnerships with employees at all levels within the organization

• Ability to anticipate and understand business strategies, objectives and priorities

• Strong motivational leader that possesses a hands-on, lead by example approach

• Strong interpersonal and teamwork skills

• Ability to adapt to a continually changing business and work environment and manage multiple priorities

• Demonstrated critical thinking and decision making skills

• Strong analysis and problem-solving skills

• Ability to provide oversight across multiple initiatives or projects

#li-km1