<p>Kforce has a client that is seeking a Senior Manager, IT Security - GRC in Draper, UT.</p> <p>Overview: The Senior Manager, IT Security - GRC is responsible for leading and maturing the organization's cybersecurity governance, risk management, and compliance programs. This role ensures cybersecurity risks are identified, assessed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements.</p> <p>This individual will partner closely with IT Infrastructure, Security Operations, Legal, Internal Audit, and business stakeholders to enable secure and compliant operations across the enterprise. The role requires the ability to translate complex technical risks into clear business impact for executive leadership.</p> <p>Key Responsibilities: Governance & Program Management:</p> <ul> <li>Lead and mature the enterprise GRC program, including policies, standards, procedures, and metrics </li><li>Align cybersecurity frameworks with industry standards (NIST CSF, ISO 27001, CIS, SOC 2) </li><li>Define and manage risk tolerance, exception management, and control ownership </li><li>Ensure alignment between cybersecurity governance and enterprise risk management (ERM) </li></ul> <p>Risk Management:</p> <ul> <li>Lead cyber risk assessments, control gap analyses, and third-party risk evaluations </li><li>Maintain enterprise risk register including scoring, remediation tracking, and treatment plans </li><li>Partner with technical and business teams to mitigate, transfer, or accept risk </li><li>Translate technical vulnerabilities into business-impact risk statements </li></ul> <p>Compliance & Assurance:</p> <ul> <li>Manage compliance across regulatory and industry frameworks (SOC 2, ISO, SOX, HIPAA, PCI, privacy) </li><li>Serve as primary liaison for internal/external audits </li><li>Coordinate audit responses, evidence collection, and remediation efforts </li><li>Support customer security assessments, due diligence, and 
RFP responses </li><li>Monitor regulatory changes and assess impact </li></ul> <ul> <li>Bachelor's degree in Information Security, IT, Risk, or related field </li><li>7+ years in cybersecurity, risk, compliance, or audit </li><li>3+ years in GRC leadership or senior-level role </li><li>Strong knowledge of NIST CSF, ISO 27001, SOC 2 </li><li>Experience managing audits and enterprise risk programs </li><li>Strong communication skills with executive presence </li></ul> <p>Preferred:</p> <ul> <li>Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 </li><li>Experience with GRC tools (ServiceNow GRC, Archer, Drata, Vanta, OneTrust) </li></ul>