Manager of IT Security

Kforce has a client that is seeking a Senior Manager, IT Security - GRC in Draper, UT. Overview: The Senior Manager, IT Security - GRC is responsible for leading and maturing the organization's cybersecurity governance, risk management, and compliance programs. This role ensures cybersecurity risks are identified, assessed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements. This individual will partner closely with IT Infrastructure, Security Operations, Legal, Internal Audit, and business stakeholders to enable secure and compliant operations across the enterprise. The role requires the ability to translate complex technical risks into clear business impact for executive leadership. Key Responsibilities: Governance & Program Management:

• Lead and mature the enterprise GRC program, including policies, standards, procedures, and metrics
• Align cybersecurity frameworks with industry standards (NIST CSF, ISO 27001, CIS, SOC 2)
• Define and manage risk tolerance, exception management, and control ownership
• Ensure alignment between cybersecurity governance and enterprise risk management (ERM)

Risk Management:

• Lead cyber risk assessments, control gap analyses, and third-party risk evaluations
• Maintain enterprise risk register including scoring, remediation tracking, and treatment plans
• Partner with technical and business teams to mitigate, transfer, or accept risk
• Translate technical vulnerabilities into business-impact risk statements

Compliance & Assurance:

• Manage compliance across regulatory and industry frameworks (SOC 2, ISO, SOX, HIPAA, PCI, privacy)
• Serve as primary liaison for internal/external audits
• Coordinate audit responses, evidence collection, and remediation efforts
• Support customer security assessments, due diligence, and RFP responses
• Monitor regulatory changes and assess impact

• Bachelor's degree in Information Security, IT, Risk, or related field
• 7+ years in cybersecurity, risk, compliance, or audit
• 3+ years in GRC leadership or senior-level role
• Strong knowledge of NIST CSF, ISO 27001, SOC 2
• Experience managing audits and enterprise risk programs
• Strong communication skills with executive presence

Preferred:

• Certifications: CISSP, CISM, CISA, CRISC, ISO 27001
• Experience with GRC tools (ServiceNow GRC, Archer, Drata, Vanta, OneTrust)

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

By clicking "Apply Today" you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.