Manager Cybersecurity Governance, Risk & Compliance

Remote Full-time
Summary: This role is responsible for leading the Cybersecurity Governance, Risk, & Compliance function with responsibility for a risk-based compliance program that integrates Assessment & Authorization (A&A/RMF), policy and planning, and continuous monitoring across on-premise and cloud environments. Coordinates security control assessments and system authorizations per NIST RMF practices and develops/maintains cybersecurity policy and governance to ensure alignment with enterprise goals and regulatory obligations (e.g., SOX, NIST 800-NNN, ISO/IEC 27001, privacy laws). Primary alignment to NICE Systems Authorization and Cybersecurity Policy & Planning work roles, with additional responsibilities consistent with the Authorizing Official/Designating Representative role for risk acceptance and accreditation decisions.

Essential Functions:
• Lead the enterprise Assessment & Authorization (A&A) lifecycle (categorization, control selection/implementation, assessment, authorization, and continuous monitoring) using the NIST RMF and organizational procedures.
• Oversee and perform security control assessments; document results, identify systemic issues, and track remediation to closure.
• Prepare, review, and maintain authorization packages (e.g., SSP, SAR, POA&M); recommend risk disposition and authorization decisions.
• Develop, publish, and maintain cybersecurity policies, standards, and implementation guidelines; ensure policy alignment to business objectives and regulations.
• Establish compliance metrics and executive reporting (e.g., control effectiveness, residual risk trends, time-to-remediate, audit closure rate); drive continuous improvement.
• Coordinate internal/external audits; design and implement independent audit processes for applications, networks, and systems; validate corrective actions.
• Govern third-party/supplier compliance (security and privacy requirements, contractual clauses, assessments) and track risk treatment.
• Advise leadership on risk acceptance and authorization determinations; ensure decisions reflect organizational risk tolerance and mission impacts.
• Integrate policy, standards, and A&A activities with security architecture/engineering and IT operations to embed compliance by design.
• Monitor emerging regulations and technologies; update policy and control baselines accordingly.

Qualifications:
• Bachelor's degree in information systems, computer science, cybersecurity, or related field (or equivalent experience).
• Certifications: CISA, CISM, CRISC, CIPM, CGEIT, or CISSP (preferred).
• 5+ years in IT Compliance / GRC, including RMF-based A&A, policy governance, audit management, and third-party risk.
• Hands-on with NIST control baselines, ISO/IEC 27001 controls, SOX ITGCs, and privacy obligations.
• Experience with GRC platforms, evidence automation, and cloud compliance tooling.
• Strong leadership, stakeholder communication, and executive reporting skills.