Manager, GRC, Awareness and Application Security
Summary
We’re seeking a forward-thinking Manager, GRC, Awareness & Application Security to lead a unified security function that blends governance, risk management, and application security with a strong culture of awareness across the enterprise. This role is ideal for a hands-on leader who can bridge strategy, technology, and communication—embedding security into how we work, build, and innovate.
Key Responsibilities
• Lead the North America GRC program, ensuring alignment with global frameworks and enterprise risk strategy.
• Develop and maintain security policies, standards, and workflows integrated into enterprise GRC tools and operations.
• Design and execute a data-driven security awareness program tailored to diverse user groups.
• Partner with development teams to embed secure-by-design and DevSecOps practices across the SDLC.
• Oversee third-party risk management, including assessments and remediation tracking.
• Drive application security maturity through tools like SAST, DAST, and SCA.
• Deliver insightful risk and performance reporting to leadership using dashboards and KRIs.
• Support audit, compliance, and regulatory readiness (GxP, HIPAA, data protection).
• Collaborate globally to align governance, risk, and security programs across regions.
Qualifications
• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• Certifications: CISSP, CRISC required; CISM, CSSLP, or other AppSec/GRC preferred.
• 7+ years in cybersecurity with hands-on experience in GRC, security awareness, and application security.
• Experience in regulated industries (pharma, biotech, healthcare, or manufacturing).
• Strong grasp of secure SDLC, DevSecOps, and third-party risk management.
• Familiarity with NIST CSF, ISO 27001, HIPAA, GxP, and cloud security fundamentals (AWS, Azure, GCP).
Â
• Seniority Level
Mid-Senior level
• Industry
• Biotechnology Research
• Pharmaceutical Manufacturing
• Employment Type
Full-time
• Job Functions
• Information Technology
• Skills
• Governance, Risk Management, and Compliance (GRC)
• Cyber-
Working Conditions:
Requires up to 10 % domestic and international travel
The anticipated salary for this position will be $140,000 to $155,000.  The actual salary offered for this role at commencement of employment may vary based on several factors including but not limited to relevant experience, skill set, qualifications, education (including applicable licenses and certifications, job-based knowledge, location, and other business and organizational needs.
Â
Apply tot his job
Apply To this Job
We’re seeking a forward-thinking Manager, GRC, Awareness & Application Security to lead a unified security function that blends governance, risk management, and application security with a strong culture of awareness across the enterprise. This role is ideal for a hands-on leader who can bridge strategy, technology, and communication—embedding security into how we work, build, and innovate.
Key Responsibilities
• Lead the North America GRC program, ensuring alignment with global frameworks and enterprise risk strategy.
• Develop and maintain security policies, standards, and workflows integrated into enterprise GRC tools and operations.
• Design and execute a data-driven security awareness program tailored to diverse user groups.
• Partner with development teams to embed secure-by-design and DevSecOps practices across the SDLC.
• Oversee third-party risk management, including assessments and remediation tracking.
• Drive application security maturity through tools like SAST, DAST, and SCA.
• Deliver insightful risk and performance reporting to leadership using dashboards and KRIs.
• Support audit, compliance, and regulatory readiness (GxP, HIPAA, data protection).
• Collaborate globally to align governance, risk, and security programs across regions.
Qualifications
• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• Certifications: CISSP, CRISC required; CISM, CSSLP, or other AppSec/GRC preferred.
• 7+ years in cybersecurity with hands-on experience in GRC, security awareness, and application security.
• Experience in regulated industries (pharma, biotech, healthcare, or manufacturing).
• Strong grasp of secure SDLC, DevSecOps, and third-party risk management.
• Familiarity with NIST CSF, ISO 27001, HIPAA, GxP, and cloud security fundamentals (AWS, Azure, GCP).
Â
• Seniority Level
Mid-Senior level
• Industry
• Biotechnology Research
• Pharmaceutical Manufacturing
• Employment Type
Full-time
• Job Functions
• Information Technology
• Skills
• Governance, Risk Management, and Compliance (GRC)
• Cyber-
Working Conditions:
Requires up to 10 % domestic and international travel
The anticipated salary for this position will be $140,000 to $155,000.  The actual salary offered for this role at commencement of employment may vary based on several factors including but not limited to relevant experience, skill set, qualifications, education (including applicable licenses and certifications, job-based knowledge, location, and other business and organizational needs.
Â
Apply tot his job
Apply To this Job