Senior Program Manager – Cybersecurity GRC Tools and Automation

Company Overview

(Company details are not specified.)

Job Summary

The Senior Program Manager – Cybersecurity GRC Tools and Automation will lead the strategic transformation of our governance, risk, and compliance (GRC) capabilities in the cybersecurity domain. This position aims to drive the implementation and optimization of GRC platforms and automation solutions that enhance risk assessments, policy management, compliance reporting, and control monitoring across the enterprise.

Responsibilities

• Program Strategy & Execution

  • Define and lead the roadmap for cybersecurity GRC tooling and automation initiatives.
  • Manage end-to-end implementation of GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, MetricStream).
  • Drive automation of risk assessments, control testing, evidence collection, and compliance workflows.

• Tool Lifecycle & Integration

  • Oversee the selection, deployment, and integration of GRC tools with enterprise systems (e.g., Identity Access Management (IAM), Configuration Management Database (CMDB), Security Information and Event Management (SIEM), ticketing platforms).
  • Ensure tools support real-time risk visibility, control effectiveness, and audit readiness.
  • Collaborate with IT, InfoSec, and business units to ensure seamless data flow and reporting.

• Governance & Compliance Enablement

  • Ensure tooling supports compliance with frameworks and regulations such as:
    • ISO 27001
    • NIST Cybersecurity Framework (CSF)
    • SOC 2
    • PCI-DSS
    • General Data Protection Regulation (GDPR)
    • Health Insurance Portability and Accountability Act (HIPAA)
  • Automate policy lifecycle management, exception handling, and regulatory mapping.
  • Maintain audit trails, dashboards, and executive reporting for internal and external stakeholders.

• Risk Management Automation

  • Enable continuous risk monitoring and automated risk scoring.
  • Integrate threat intelligence and vulnerability data into risk registers.
  • Support third-party risk management through automated assessments and workflows.

• Stakeholder Engagement

  • Act as the primary liaison between cybersecurity, risk, audit, legal, and business teams.
  • Manage vendor relationships, tool licensing, and service-level agreements.
  • Present program updates, key performance indicators (KPIs), and risk insights to senior leadership and governance boards.

Qualifications

• Bachelor’s or master’s degree in computer science or related fields.
• 13+ years of experience in cybersecurity or IT risk management, with at least 3 years in program or project management.
• Hands-on experience with GRC platforms and automation tools.
• Strong understanding of cybersecurity frameworks, regulatory requirements, and control environments.
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Project Management Professional (PMP), or Certified in the Governance of Enterprise IT (CGEIT) are highly desirable.

Preferred Skills

• Experience with scripting or low-code automation platforms (e.g., Power Automate, ServiceNow Flow Designer).
• Familiarity with cloud compliance and risk management (AWS, Azure, Google Cloud Platform (GCP)).
• Strong analytical, communication, and stakeholder management skills.
• Ability to lead cross-functional teams in a matrixed environment.

Experience

• 13+ years of professional experience in cybersecurity or IT risk management.
• At least 3 years of experience in program or project management within cybersecurity.

Environment

The work setting is primarily based in Bangalore, and may involve collaboration with various project stakeholders, including remote interactions with teams and vendors.

Salary

(Salary details are not specified.)

Growth Opportunities

(Details about growth opportunities within the company are not provided.)

Benefits

(Details of benefits offered are not specified.)