Sr. IT Security Manager
Salt Lake City, Utah
Direct Placement
$135K to $165K annual salary DOE + bonus

Summary
The Sr. Manager, IT Security - GRC is responsible for leading and maturing enterprise cybersecurity governance, risk management, and compliance programs. This role ensures cybersecurity risks are identified, assessed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements. The position partners closely with technical and business leaders to support secure, compliant, and risk-aware operations across the organization.

Responsibilities
Lead and mature enterprise cybersecurity governance, risk, and compliance (GRC) programs
Develop and maintain security policies, standards, procedures, and governance metrics
Align cybersecurity frameworks with standards such as NIST CSF, ISO 27001, CIS, and SOC 2
Conduct cybersecurity risk assessments, gap analyses, and third-party risk reviews
Manage enterprise cyber risk registers, remediation tracking, and exception processes
Translate technical security risks into business-focused recommendations and reporting
Oversee compliance initiatives related to SOC 2, SOX, HIPAA, PCI, privacy, and other frameworks
Coordinate internal and external audits, evidence collection, and remediation activities
Develop dashboards and executive-level reporting on cybersecurity risk posture and compliance status
Partner with Security Operations, Infrastructure, Legal, Audit, and Procurement teams
Lead, mentor, and develop GRC team members and contributors
Promote risk-aware decision-making and cybersecurity accountability across the organization

Requirements
Bachelor's degree in Information Security, Information Technology, Risk Management, or related field
7+ years of experience in cybersecurity, risk management, compliance, or audit roles
3+ years of experience in a GRC leadership or senior-level role
Strong knowledge of cybersecurity frameworks including NIST CSF, ISO 27001, SOC 2, and risk assessment methodologies
Experience managing audits, compliance programs, and enterprise risk registers end-to-end
Strong written and verbal communication skills with the ability to influence leadership
Ability to balance security requirements with business and operational objectives
Experience presenting risk findings and recommendations to senior leadership

Bonus Skills
Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or OneTrust
Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer

Welcome to ConsultNet, a premier national provider of technology talent and solutions. Our expertise spans across project services, contract-to-hire, direct search, and managed services onshore, nearshore, and hybrid. For over 25 years, we have connected thousands of consultants with meaningful roles through a personal, communication-driven approach, partnering with a diverse client base to build high-performing teams and create lasting impact. Our comprehensive service offerings cover a wide range of technology and engineering positions across key markets nationwide. Learn more at www.consultnet.com.

We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.