Information Security GRC Program Senior Manager

The Information Security GRC Program Senior Manager leads the enterprise governance, risk, and compliance (GRC) function within the Information Security Program and manages a team responsible for control governance, audit/exam readiness, risk assessments, and remediation execution tracking. This role establishes a sustainable, repeatable control environment by operating the policy/control lifecycle, coordinating internal/external audits and regulatory exams, driving cross-functional accountability for remediation, and delivering executive-ready reporting to the CISO, ELT, and Risk Committees., Program Leadership & People Management

• Lead, coach, and develop a team of GRC professionals; set goals, performance expectations, and development plans aligned to program outcomes.
• Establish operating rhythms, playbooks, and quality standards for control documentation, testing/validation, evidence management, and reporting.
• Manage team capacity and prioritization against enterprise commitments (audits, exams, strategic initiatives, remediation).

Governance & Control Oversight

• Own the Information Security GRC operating model, including control governance, control testing/validation cadence, evidence management, and exception management.
• Maintain and mature the security control framework and control library; ensure alignment to applicable regulatory and contractual requirements (e.g., insurance regulators, NYDFS, SOX ITGCs, Bermuda Cyber Code of Conduct, PCI DSS, privacy/security obligations).
• Govern the policy lifecycle (reviews, approvals, publication, training/attestation inputs, and adoption tracking) and ensure alignment between policy, standards, and procedures.

Audit, Exam & Assurance Management

• Serve as the senior security lead for internal/external audits, regulatory exams, and assurance activities.
• Coordinate evidence collection, response narratives, and stakeholder alignment; ensure timely delivery and consistency across requests.
• Own the lifecycle of audit/exam issues: intake, triage, assignment, remediation plans, due dates, escalation, validation, and closure.

Issue & Remediation Governance

• Drive remediation governance for security findings, control gaps, and formal commitments; monitor execution and remove blockers through structured escalation.
• Validate remediation completion and evidence quality prior to closure; reduce repeat findings by ensuring root causes are addressed.

Metrics, Reporting & Executive Communication

• Develop and maintain KPIs/KRIs and executive-ready reporting on control health, audit readiness, open issues, remediation status, and program maturity.
• Present decision-grade updates to the CISO and governance forums; support Board/Risk Committee reporting with clear themes, trends, and required decisions., * Internal partners: Technology/IT Operations, Engineering/Application teams, Risk/ERM, Compliance, Legal/Privacy, Internal Audit, Procurement/TPRM, and business leadership.
• External partners: Auditors, regulators/examiners, and third-party service providers (as needed).

• Bachelor's degree in Information Security, Risk Management, Business, IT, or a related field (or equivalent experience).
• 8+ years of progressive experience in information security governance, risk, compliance, audit, or related disciplines.
• 3+ years of people management experience (direct reports) with demonstrated ability to build, coach, and scale a high-performing team.
• Demonstrated success leading cross-functional programs and driving accountability without direct authority.
• Strong understanding of security governance and control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and experience mapping controls to regulatory obligations.
• Proven experience managing audits/regulatory exams, evidence, control testing/validation, and issue remediation governance.
• Excellent written and verbal communication skills; ability to translate control and compliance topics into business risk and outcomes., * Experience in financial services and/or insurance regulatory environments.
• Familiarity with NYDFS cybersecurity regulation, PCI DSS, and privacy/security requirements applicable to customer data.
• Certifications: CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, or similar.
• Experience implementing or operating GRC tooling and building KPI/KRI dashboards.

Core Competencies

• Strategic program leadership with strong execution discipline
• Team leadership, coaching, and performance management
• Control design and operating effectiveness validation
• Audit/exam management and remediation governance
• Executive-ready communication and influencing skills
• High standards for documentation and evidence quality
• Risk-based prioritization and pragmatic decision support

The base range for this position is $99,000 to $164,800. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location among other factors. This job is eligible for an annual discretionary bonus, equity, and Kemper benefits (Medical, Dental, Vision, PTO, 401k, etc.), + $122,600-184,000 per year

Kemper is one of the nation's leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture, valuable opportunities for personal development and professional challenge, and a healthy work-life balance can be highly motivating and productive. Kemper's products and services are making a real difference to our customers, who have unique and evolving needs. By joining our team, you are helping to provide an experience to our stakeholders that delivers on our promises., Constellation Energy + Plainfield, IL + $159,000-191,000 per year WHO WE ARE As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose: accelerating the transition to a carbon-free future. We have be…, © 2026 Careerjet All rights reserved