Senior Information Security GRC Program Manager

Role Overview

• Lead, coach, and develop a team of GRC professionals; set goals, performance expectations, and development plans aligned to program outcomes.
• Establish operating rhythms, playbooks, and quality standards for control documentation, testing/validation, evidence management, and reporting.
• Manage team capacity and prioritization against enterprise commitments (audits, exams, strategic initiatives, remediation).
• Own the Information Security GRC operating model, including control governance, control testing/validation cadence, evidence management, and exception management.
• Maintain and mature the security control framework and control library; ensure alignment to applicable regulatory and contractual requirements (e.g., insurance regulators, NYDFS, SOX ITGCs, Bermuda Cyber Code of Conduct, PCI DSS, privacy/security obligations).
• Govern the policy lifecycle (reviews, approvals, publication, training/attestation inputs, and adoption tracking) and ensure alignment between policy, standards, and procedures.
• Serve as the senior security lead for internal/external audits, regulatory exams, and assurance activities.
• Coordinate evidence collection, response narratives, and stakeholder alignment; ensure timely delivery and consistency across requests.
• Drive remediation governance for security findings, control gaps, and formal commitments; monitor execution and remove blockers through structured escalation.
• Validate remediation completion and evidence quality prior to closure; reduce repeat findings by ensuring root causes are addressed.
• Develop and maintain KPIs/KRIs and executive-ready reporting on control health, audit readiness, open issues, remediation status, and program maturity.
• Present decision-grade updates to the CISO and governance forums; support Board/Risk Committee reporting with clear themes, trends, and required decisions.

Requirements

• Bachelor’s degree in Information Security, Risk Management, Business, IT, or a related field (or equivalent experience).
• 8+ years of progressive experience in information security governance, risk, compliance, audit, or related disciplines.
• 3+ years of people management experience (direct reports) with demonstrated ability to build, coach, and scale a high-performing team.
• Demonstrated success leading cross-functional programs and driving accountability without direct authority.
• Strong understanding of security governance and control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and experience mapping controls to regulatory obligations.
• Proven experience managing audits/regulatory exams, evidence, control testing/validation, and issue remediation governance.
• Excellent written and verbal communication skills; ability to translate control and compliance topics into business risk and outcomes.

Benefits

• Qualify for your choice of health and dental plans within your first month.
• Save for your future with robust 401(k) match, Health Spending Accounts and various retirement plans.
• Learn and Grow with our Tuition Assistance Program, paid certifications and continuing education programs.
• Contribute to your community through United Way and volunteer programs.
• Balance your life with generous paid time off and business casual dress.
• Get employee discounts for shopping, dining and travel through Kemper Perks.