Information Security GRC Manager

We are seeking an experienced Information Security GRC Manager to lead our governance, risk, and compliance (GRC) program. This role is critical in ensuring our information security practices align with regulatory requirements, industry standards, and business objectives.

As a key member of the security leadership team, you will drive enterprise risk management, oversee compliance initiatives, and provide clear, actionable insights on our security posture to senior leadership., Lead Governance & Security Programs

• Develop and maintain the enterprise information security governance framework
• Establish and lead cross-functional governance forums (e.g., compliance working groups, risk committees)
• Oversee security policies, standards, procedures, and risk methodologies

Drive Risk Management

• Lead enterprise-wide risk assessments, including identification, analysis, and mitigation of security risks
• Define, track, and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
• Partner with stakeholders to support risk-based decision-making

Own Compliance & Certifications

• Plan and execute compliance and readiness assessments (e.g., PCI-DSS, NIST CSF, ISO 27001)
• Serve as the primary liaison for external auditors and assessors
• Ensure ongoing adherence to regulatory and contractual requirements

Manage Audit & Assurance Activities

• Coordinate internal and external audits, including SOX-related controls where applicable
• Oversee remediation tracking and ensure timely resolution of findings
• Continuously improve control effectiveness and assurance processes

Partner Across the Business

• Collaborate with IT, Legal, Privacy, and business teams to embed security into operations
• Translate complex security and compliance requirements into business-friendly language
• Provide regular reporting on risk posture and compliance to senior leadership

Promote Security Awareness

• Develop and deliver training and awareness programs related to risk and compliance
• Foster a culture of security and accountability across the organization

Do you have experience in Stakeholder engagement?, Do you have a Bachelor's degree?, * Bachelor's degree in Information Security, Cybersecurity, Computer Science, Business, or related field (Master's preferred)

• 10+ years of experience in information security, IT risk, or compliance
• 2-3+ years of hands-on experience in a GRC-focused role
• Strong knowledge of frameworks and standards (e.g., NIST, ISO 27001, COBIT)
• Experience managing audits and working with external regulators or assessors
• Excellent communication skills, with the ability to engage both technical and business stakeholders
• Strong project management skills and ability to manage multiple initiatives simultaneously

Nice to Have:

• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA)
• Experience with SOX ITGC controls and audit coordination
• Familiarity with third-party/vendor risk management programs
• Experience with GRC tools (e.g., Optro (AuditBoard), ServiceNow GRC, OneTrust)

Pulled from the full job description

• Health insurance
• 401(k) matching
• Vision insurance
• Dental insurance
• Store discount, * Competitive healthcare, dental & vision insurance
• 401(k) matching after one year of employment
• Generous time off + company holidays
• Merchandise discount
• Learning & Development programs
• Much more!

Signet Jewelers is the world's largest retailer of diamond jewelry, operating more than 2,800 stores worldwide under the iconic brands: Kay Jewelers, Zales, Jared, H.Samuel, Ernest Jones, Peoples, Banter by Piercing Pagoda, Rocksbox, JamesAllen.com and Diamonds Direct. We are a people-first company and this core value is at the heart of everything we do, from empowering our valued team members, to collaborating with our customers, to fostering the communities in which we live and serve. People - and the love their actions inspire - are what drive us. We're not only proud of the love we inspire outside our walls, we're especially proud of the diversity, inclusion and equity we're inspiring inside. There are dynamic career paths awaiting you - rewarding opportunities to impact the lives of others and inspire love. Join us!