Cyber Security GRC Manager
Chesapeake, VA
March 20th, 2026

"Candidates must be authorized to work in the United States without the need for current or future visa sponsorship."

Role Overview

We are seeking a highly motivated and experienced GRC Manager to lead and mature our cybersecurity governance, risk, and compliance program across a complex retail ecosystem supporting 60,000+ associates, thousands of brick-and-mortar stores, distribution centers, corporate offices, datacenters, and multi-cloud environments.

This role will play a critical part in supporting our ongoing divestiture and Transition Services Agreement (TSA) journey initially, helping establish independent governance structures while ensuring continued alignment with shared services and transitional operating models.

The GRC Manager will partner closely with internal stakeholders, legacy service providers, and Business Process Outsourcing (BPO) partners to ensure risk visibility, compliance assurance, and control ownership clarity across both transitional and steady-state environments.

The ideal candidate is both strategic and execution-oriented, capable of operating effectively in environments undergoing transformation while building scalable governance frameworks for the future state.

Key Responsibilities

Governance & Program Leadership
- Lead the enterprise cybersecurity governance framework aligned to NIST CSF / NIST 800-53 / ISO 27001.
- Support the design and maturation of governance structures as the organization transitions through TSA toward a standalone operating model.
- Own and maintain the cybersecurity policy, standards, and control framework lifecycle.
- Establish governance forums and reporting cadence with executive leadership.
- Drive maturity roadmap aligned to organizational risk appetite and separation milestones.
- Ensure governance processes are embedded across internal teams, TSA providers, and BPO partners.

Risk Management
- Manage the enterprise cyber risk program including risk identification, assessment, treatment, and reporting.
- Assess risks related to shared services, transitional architectures, and separation activities.
- Facilitate risk assessments across cloud, retail stores, supply chain, datacenters, and enterprise applications.
- Maintain enterprise risk register and track remediation progress across internal teams, TSA providers, and BPO partners.
- Partner with architecture and engineering teams to embed risk-based decision making during separation initiatives.

Compliance & Regulatory Oversight
- Lead compliance efforts across relevant frameworks including:
  - PCI DSS
  - SOX ITGC
  - Privacy / Data Protection requirements
  - State and federal regulatory obligations
- Support compliance activities during TSA including shared control environments and inherited controls.
- Coordinate internal and external audits and manage evidence collection.
- Ensure continuous compliance monitoring across environments including controls operated by TSA and BPO providers.
- Validate adherence to contractual security and compliance obligations.

Third Party & TSA Risk Management
- Oversee vendor risk assessments across SaaS, supply chain, TSA providers, and service partners.
- Serve as the primary GRC liaison for cybersecurity BPO providers and transitional service providers.
- Monitor vendor, TSA, and BPO risk posture, performance metrics, and remediation activities.
- Partner with procurement and legal on risk reviews and contractual security requirements.

BPO Governance & Oversight
- Establish governance cadence with BPO partners including operational reviews and risk forums.
- Define and monitor security KPIs/KRIs and SLAs tied to BPO services.
- Ensure clear accountability and control ownership between internal teams, TSA providers, and BPO.
- Support continuous improvement initiatives with BPO providers to enhance control maturity.

Metrics, Reporting & Executive Communication
- Develop and maintain cyber risk dashboards and KPIs/KRIs aligned to separation milestones.
- Provide regular reporting to executive leadership and governance councils.
- Translate technical risk into business impact for decision making.

Cross Functional Collaboration
- Partner with Security Operations, Engineering, Privacy, Legal, Internal Audit, and IT.
- Support secure transformation initiatives including cloud migration and retail technology modernization.
- Provide governance support for separation programs and new capability buildouts.
- Drive security awareness from a governance and risk perspective.

Required Qualifications
- Bachelor's degree in Cybersecurity, Information Security, IT, Risk Management, or related field.
- 7–8 years of experience in cybersecurity, risk, compliance, or audit roles.
- Experience operating in a large enterprise environment with distributed infrastructure.
- Experience supporting transformational programs, divestitures, or large-scale operating model changes.
- Experience working with or overseeing BPO / managed service providers in a cybersecurity or IT risk capacity.
- Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001, COBIT).
- Experience supporting regulatory audits (PCI, SOX, privacy).
- Experience with risk management methodologies and control frameworks.
- Strong stakeholder management and communication skills.

Preferred Qualifications
- Experience in retail, logistics, or highly distributed environments.
- Experience supporting multi-cloud environments (AWS, Azure, GCP).
- Professional certifications such as:
  - CISSP
  - CISM
  - CRISC
  - CISA
- Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust, Auditboard etc.).
- Experience working in TSA or shared services environments.

Leadership Competencies
- Strategic thinker with strong execution discipline
- Ability to operate effectively in ambiguous and evolving environments
- Strong analytical and problem-solving skills
- Executive presence and communication ability
- Collaborative and people-focused leadership style
- Strong vendor and partner management capability