Information Security GRC Manager
The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC program. This role is responsible for the day-to-day management of GRC analysts, driving compliance initiatives, managing the integrated risk assessment lifecycle, and ensuring control effectiveness. The Manager will serve as a key point of contact for internal business units and external auditors, directly supporting the strategic directives set by program leadership. The position requires a proven ability to lead teams, implement policy, and translate complex security and compliance requirements into clear business actions.
What You Will Work On
Manage and mentor a team of GRC Security Analysts, providing clear direction and facilitating continuous professional development.
Oversee and execute the security risk assessment process, including identifying, analyzing, and documenting emerging and ongoing risks across the organization and its third parties.
Lead efforts to document, enforce, and communicate security policies and control frameworks that are aligned with key regulations and standards (e.g., NIST, ISO, GDPR, GLBA).
Develop, implement, and maintain security policies and controls specifically for the safe and ethical deployment and use of artificial intelligence (AI) systems.
Act as the primary operational liaison for internal and external audits, coordinating the collection of evidence, tracking the resolution of findings, and ensuring sustained audit readiness.
Provide direct support to the third-party risk management program, ensuring rigorous security review of vendors and business partners to mitigate external risk.
Facilitate IT compliance activities, focusing on the operational effectiveness of technical and general IT controls.
Collaborate with business units and technical teams to ensure adequate security controls are available and implemented during the onboarding of new solutions and systems.
Define and track qualitative and quantitative metrics to measure the success and maturity of the security program, reporting regularly to program leadership.
Support incident response and disaster recovery efforts, ensuring GRC documentation and controls are properly applied to corporate resiliency programs.
Ensure the protection of critical data is maintained through established data classification, data loss prevention (DLP), and records retention requirements.
Manage information security training requirements for the organization, to include identifying role-based security training for all organizational roles in accordance with the roles capacity to introduce risk in the performance of their duties.
Who We Are Looking For
7+ years of experience in cybersecurity, with a focus on governance, compliance, risk management, or audit.
3+ years of demonstrated experience managing or leading a distributed or hybrid team.
Expert-level understanding of major regulatory frameworks and standards, including but not limited to NIST, ISO, GDPR, and GLBA.
Proven ability to manage GRC-related projects and work with cross-functional stakeholders to deliver outcomes on time and within scope.
Strong technical acumen in cloud computing security (AWS, GCP, or Azure), DevOps, and application security.
Exceptional written and verbal communication skills, with the ability to articulate security risk and compliance requirements to technical staff and business leadership.
Prior experience in defining metrics, preparing management reports, and implementing process improvements using GRC tools.
Demonstrated experience in conducting tabletop exercises for business continuity is preferable.
Education Requirements
Bachelor’s degree in computer science, information assurance, MIS, or a related technical field, or equivalent practical experience.
Certification Requirements
Holds or is actively working toward one or more of the following: CISSP, CISM, CISA, CRISC, or CGRC.
What You Can Expect
Compensation: The base salary for this position ranges from $150,000 to $200,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include company profit-sharing bonus program, communication stipends, and referral bonuses.
Inclusive benefits package offering:
Comprehensive medical, dental, and company paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company paid short term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan. We offer company paid access to Galileo for virtual primary care and Rula for virtual mental health resources.
Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team.
Career and skill development resources to help advance your career and personal growth.
A mission-driven environment where your work makes a measurable impact on the real estate industry.
What We Value
Wherever it Leads, Whatever it Takes® - No matter how remote, complex, or unexpected. Our commitment never wavers.
Hire NICE people - Skills can be taught but character shines through. We seek those who bring integrity, kindness, and grit.
Lift others up - We lead with empathy and strive to improve the lives of those around us.
Sweat the details - Excellence lives in the little things. Getting it just so is how we make a big impact.
Raise the bar - We don’t settle for industry standards, we redefine them.
About Us
Our story began in the mountain town of Truckee, California more than 20 years ago, when we pioneered simple, web-based valuation technology solutions for an industry that relied on paper. Today, we’ve grown one of the highest-coverage networks of real professionals in the county. As we continue our journey to modernize valuation we’ll hold on to our promise from day one: to go wherever it leads and do whatever it takes to serve our customer with remarkable technology and uncompromising service.
Clear Capital is an equal-opportunity employer.
To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.
About the job
Apply for this position
Information Security GRC Manager
The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC program. This role is responsible for the day-to-day management of GRC analysts, driving compliance initiatives, managing the integrated risk assessment lifecycle, and ensuring control effectiveness. The Manager will serve as a key point of contact for internal business units and external auditors, directly supporting the strategic directives set by program leadership. The position requires a proven ability to lead teams, implement policy, and translate complex security and compliance requirements into clear business actions.
What You Will Work On
Manage and mentor a team of GRC Security Analysts, providing clear direction and facilitating continuous professional development.
Oversee and execute the security risk assessment process, including identifying, analyzing, and documenting emerging and ongoing risks across the organization and its third parties.
Lead efforts to document, enforce, and communicate security policies and control frameworks that are aligned with key regulations and standards (e.g., NIST, ISO, GDPR, GLBA).
Develop, implement, and maintain security policies and controls specifically for the safe and ethical deployment and use of artificial intelligence (AI) systems.
Act as the primary operational liaison for internal and external audits, coordinating the collection of evidence, tracking the resolution of findings, and ensuring sustained audit readiness.
Provide direct support to the third-party risk management program, ensuring rigorous security review of vendors and business partners to mitigate external risk.
Facilitate IT compliance activities, focusing on the operational effectiveness of technical and general IT controls.
Collaborate with business units and technical teams to ensure adequate security controls are available and implemented during the onboarding of new solutions and systems.
Define and track qualitative and quantitative metrics to measure the success and maturity of the security program, reporting regularly to program leadership.
Support incident response and disaster recovery efforts, ensuring GRC documentation and controls are properly applied to corporate resiliency programs.
Ensure the protection of critical data is maintained through established data classification, data loss prevention (DLP), and records retention requirements.
Manage information security training requirements for the organization, to include identifying role-based security training for all organizational roles in accordance with the roles capacity to introduce risk in the performance of their duties.
Who We Are Looking For
7+ years of experience in cybersecurity, with a focus on governance, compliance, risk management, or audit.
3+ years of demonstrated experience managing or leading a distributed or hybrid team.
Expert-level understanding of major regulatory frameworks and standards, including but not limited to NIST, ISO, GDPR, and GLBA.
Proven ability to manage GRC-related projects and work with cross-functional stakeholders to deliver outcomes on time and within scope.
Strong technical acumen in cloud computing security (AWS, GCP, or Azure), DevOps, and application security.
Exceptional written and verbal communication skills, with the ability to articulate security risk and compliance requirements to technical staff and business leadership.
Prior experience in defining metrics, preparing management reports, and implementing process improvements using GRC tools.
Demonstrated experience in conducting tabletop exercises for business continuity is preferable.
Education Requirements
Bachelor’s degree in computer science, information assurance, MIS, or a related technical field, or equivalent practical experience.
Certification Requirements
Holds or is actively working toward one or more of the following: CISSP, CISM, CISA, CRISC, or CGRC.
What You Can Expect
Compensation: The base salary for this position ranges from $150,000 to $200,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include company profit-sharing bonus program, communication stipends, and referral bonuses.
Inclusive benefits package offering:
Comprehensive medical, dental, and company paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company paid short term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan. We offer company paid access to Galileo for virtual primary care and Rula for virtual mental health resources.
Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team.
Career and skill development resources to help advance your career and personal growth.
A mission-driven environment where your work makes a measurable impact on the real estate industry.
What We Value
Wherever it Leads, Whatever it Takes® - No matter how remote, complex, or unexpected. Our commitment never wavers.
Hire NICE people - Skills can be taught but character shines through. We seek those who bring integrity, kindness, and grit.
Lift others up - We lead with empathy and strive to improve the lives of those around us.
Sweat the details - Excellence lives in the little things. Getting it just so is how we make a big impact.
Raise the bar - We don’t settle for industry standards, we redefine them.
About Us
Our story began in the mountain town of Truckee, California more than 20 years ago, when we pioneered simple, web-based valuation technology solutions for an industry that relied on paper. Today, we’ve grown one of the highest-coverage networks of real professionals in the county. As we continue our journey to modernize valuation we’ll hold on to our promise from day one: to go wherever it leads and do whatever it takes to serve our customer with remarkable technology and uncompromising service.
Clear Capital is an equal-opportunity employer.
To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.