SanMar is hiring a Manager, Corporate Governance, Risk, and Compliance (GRC) to lead our internal GRC strategy and team. You will ensure our security and compliance functions align with business objectives and adhere to relevant regulations and standards, fostering strong partnerships across the organization.
What You'll Do
- Manage and lead a team of four Information Security Specialists and the processes comprising the GRC team’s portfolio.
- Develop, disseminate, and maintain enterprise information security policies, standards, and procedures, delivering the associated training program.
- Establish and maintain relevant security risk metrics.
- Manage internal and external Privacy standards and initiatives.
- Help inform and maintain the company’s Business Resilience Strategy.
- Perform security- and privacy-centric reviews for contracts, RFIs, and RFPs.
- Conduct risk assessments and recommend mitigation strategies.
- Support, facilitate, and manage responses to internal and external audits and assessments.
- Ensure supplier alignment with controls via Third-Party Risk Management and by crafting security exhibits for service agreements.
What We're Looking For
- Undergraduate degree in cybersecurity or computer science plus five years of Information Security work experience, or eight or more years of Information Security work experience in lieu of a degree.
- At least 3 years in a managerial role.
- Knowledgeable about aligning security programs with regulatory requirements (e.g., CMMC, GDPR, HIPAA, NYDFS Part 500) and industry security frameworks (e.g., NIST, ISO).
- Previous experience with security and privacy control definition, design, and implementation.
- Experience managing internal and external compliance audits and assessments.
- Privacy experience, including fielding Data Subject Access Requests (DSARs) and performing Data Protection Impact Assessments (DPIAs).
- Familiarity with developing, monitoring, testing, and implementing contingency planning measures.
- Excellent communication skills and demonstrated ability to engage with stakeholders at all levels.
- Excellent organization skills, self-directed, and self-motivated.
Nice to Have
- CISA, CISM, and/or CISSP certifications.
- Experience working with Jira, Confluence, Veza, and BitSight (or comparable third-party risk management tools).
Technical Stack
- Jira
- Confluence
- Veza
- BitSight
Team & Environment
You will lead the corporate GRC team of four Information Security Specialists, assisting the Senior Director, CIS, to whom you will report.
Benefits & Compensation
- Primarily remote workforce (U.S.-based only).
- Group Medical Insurance options: Zero Deductible PPO Plan (the company pays 90% of the premium for employees and 70% for family plans) or High Deductible Health Plan with HSA (the company pays 100% of employee premiums and 75% for family plans) with employer HSA contributions.
- Group Dental Insurance: the company pays 100% of the premium for employees and 75% for family plans.
- 12 corporate holidays and a Flexible Time Off (FTO) program.
- Generous mobile phone and home internet allowance.
- Eligibility for the retirement plan after two months of employment, at the next open enrollment.
- Pet Benefit Option.
Work Mode
This is a remote position open to candidates located anywhere in the United States.
SanMar is an equal opportunity employer.