Information Security & GRC Manager

We are seeking an experienced and strategic Information Security and GRC Manager to oversee and enhance our organization's information security posture and security operations. This role is responsible for developing, implementing, and maintaining security policies and procedures to protect our digital assets from internal and external threats, while providing leadership over day-to-day SecOps activities. The ideal candidate will have a strong technical background, leadership experience, and a deep understanding of information security best practices, frameworks, compliance requirements, and operational security monitoring. This position will lead both proactive security initiatives and oversee reactive incident response capabilities throughout the organization.

This is a full-time, permanent position, Monday to Friday, with flexible hours around a standard 0900-1700.

• Oversee SecOps activities, including monitoring, incident detection, response, and recovery operations; establish SecOps metrics and ensure continuous improvement of security operations capabilities.
• Develop and maintain effective information security management systems, quality management systems, and security operations, ensuring compliance with legal, regulatory, and industry standards.
• Lead the enterprise risk management program, including risk assessment, remediation tracking, and reporting to stakeholders at all levels.
• Manage the Supplier Security Program, including risk assessments, compliance verification, and ongoing monitoring.
• Direct certification and compliance initiatives, including SOC 2, PCI, and ISO standards (27001, 9000, 20000); serve as security and compliance SME for internal and external engagements.
• Develop, implement, and maintain security policies, procedures, and standards across the organization.
• Coordinate security awareness programs and evaluate/recommend new security tools and technologies.
• Lead security incident response, including root cause analysis and corrective action implementation.
• Manage the security and GRC/SecOps team members, providing technical guidance and fostering professional development.
• Deliver executive-level reporting on security posture, risk landscape, and operational metrics.

• Information security, privacy, risk, and quality experience with a proven ability to engage with Stakeholders at all levels and regulators (essential).
• Experience in a fast-paced GRC/ISO function (desirable).
• Audit and compliance experience in leading, managing or supporting third-party security-related audits and assessments (essential)
• Demonstrable experience in leading projects/engagements, showing independence and effective teamwork (essential).
• Experience working within, achieving and/or maintaining ISO standards such as ISO 27001, 9001 (essential), 14001, and 20000 (desired) and SOC 2 Type II (essential).
• Has federal industry security experience and holds an active security clearance (desirable)
• Security, privacy, risk and/or quality-related qualification(s) and/or certifications e., CISSP, CRISC, CISA, CISM, CSX-P, CDPSE, CGEIT, CIPP (desirable)
• PCI experience or current certifications, PCIP, certified ISA or QSA (desirable)
• Demonstrated experience leading and managing a team of security and GRC team members (desirable)

Problem Solving: Identifies the root causes of complex issues. Leverages available data and resources to resolve problems. Defines solutions before establishing a clear course of action. Considers and explores alternative resolution strategies, including innovative solutions.

Critical Thinking: Evaluates information for accuracy, relevance, importance, and reliability. Questions whether existing practices, procedures, and processes are appropriate and suggests improvement. Identifies assumptions, inconsistencies, flaws, and/or omissions by asking the right questions and verifying data. Considers short- and long-term implications of decisions.

Managing Conflict: Anticipates and addresses likely areas of disagreement or conflict before problems arise. Maintains a neutral and objective point of view working toward resolution. Focuses on preventing conflict. Resolves conflicts, including escalations by finding a mutually satisfactory solution.

Communication: Listens actively to others. Asks questions to understand others' insights and needs. Explains issues and solutions in a way that is easy to understand. Demonstrates confidence and credibility.

Building Relationships: Interacts with others in a friendly and polite way. Develops relationships with co-workers from other teams and departments. Maintains confidentiality as needed. Maintains a strong network of contacts through regular outreach and communication.

Building Teams: Offers to support others in their work. Openly shares relevant knowledge, expertise, and information. Respects others' talents, expertise, and contributions. Collaborates with others to achieve common goals.

Directing and Guiding: Sets clear performance expectations and holds others accountable. Tailor's instructions to a person's skills and experience as well as the situation. Guides others to the best resources, including references, tools, and co-workers. Removes obstacles and roadblocks to help others succeed.

Leading Change: Models new approaches and helps others adapt to them. Advises others on the benefits of change. Adopts an optimistic view of change, focusing on the positives. Adjusts course of action quickly in response to new information or challenges.

Digital Dexterity: Leverages technology to positively impact the quality of product, process, and communication. Engages and experiments with technology and functionality. Uses different and/or new technologies to complete work as effectively as possible. Adjusts work methods and flow to accommodate new technologies.

Prioritizing and Planning: Prioritizes own and team's tasks by considering importance, deadline, and resources. Coordinates resources and activities to accomplish goals. Implements systems to keep track of priorities and commitments within the team. Recognizes opportunities for synergy and integration.

We know everyone's career journey is unique, subject to changes in personal circumstances and interests. We won't tell you what path you should take, but we will provide you with guidance on activities that can support whatever direction you wish to take.

That's why we have made development toolkits at Talogy, and there is one for every level in every job family. You can find the toolkits here on SharePoint, so please feel free to explore that resource center, especially if you're interested in generating ideas for personal and career development activities. We encourage you to not only look at the toolkit for your current level and job family, but also look at the level above, or even in different groups where applicable.

All other role profiles at Talogy can be found in the same place, if you are interested in exploring a specific role and its requirements.

We have also published guidance on Talogy's career advancement/promotion process in the same area as the development toolkits and role profiles. When you feel ready to make a career move, that document provides clarity on the steps you need to take to pursue your ambition.

If you have any questions or wish to speak to someone about career development at Talogy, please feel free to contact your partners in the People Operations team.