
Manager, Security Risk & Assurance Programs
- Morrisville, NC
- $100,000-115,000 per year
- Permanent
- Full-time
- United States of America - North Carolina - Morrisville
- Maintain the enterprise security risk register, ensuring timely intake, analysis, updates, and reporting.
- Collaborate with stakeholders from each security domain to document risk mitigation strategies, target states, and owner accountability.
- Support quarterly risk review cycles and integration of security risks into enterprise risk management (ERM) dashboards.
- Execute assurance reviews and control validation activities across internal domains (cyber, physical, supply chain, product, data).
- Coordinate collection of control evidence and remediation tracking in partnership with audit, compliance, and infrastructure teams.
- Help prepare the security function for internal audits, stakeholder reviews, or external assessments beyond formal certification scopes.
- Support the creation of assurance dashboards, risk posture metrics, and trend reporting for governance forums and executive stakeholders.
- Maintain templates, logs, and records that support governance and assurance transparency.
- Assist in cross-functional program planning, tool enablement, and process improvements in governance and assurance workflows.
- Contribute to internal education efforts on risk and assurance accountability across business units and technical teams.
- Bachelor's degree in Information Security, Risk Management, or related field; certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are a plus.
- 8+ years of experience in security risk management, assurance, GRC, or compliance roles.
- Familiarity with governance frameworks such as NIST CSF, ISO 27001, COBIT, or SOC 2.
- Experience working across global, cross-functional teams to execute governance or control-related activities.
- Strong analytical skills and attention to detail in risk documentation, evidence management, and reporting.
- Experience operationalizing risk registers, GRC tooling, or assurance workflows.
- Ability to interpret technical control evidence and translate it into business-aligned assurance outputs.
- Familiarity with multiple security domains (e.g., physical, product, supply chain).
- Comfortable managing deadlines across regions and time zones.