Senior Manager, Governance, Risk and Compliance (GRC) - Provo and Reston

Why We Have This Role

Robust governance, risk management, and compliance (GRC) are crucial in today's complex regulatory landscape. The Sr. Manager of GRC is a key leader responsible for driving and managing our security compliance programs, ensuring our organization meets and exceeds stringent standards like FedRAMP and PCI. This role is essential for executing critical compliance activities, managing risk, and promoting a culture of security across the organization. By managing our GRC programs, you will directly contribute to our operational excellence, foster customer trust, and strengthen our market position.

How You’ll Find Success

• Program Management: Manage and execute our GRC programs. You will drive initiatives to streamline processes related to audits, third-party risk management, and security certifications such as FedRAMP High, PCI, and DoD IL4.
• Strategic Execution: Contribute to the overall GRC strategy and lead the implementation of its roadmap. You will ensure the GRC framework is effectively integrated into our product development lifecycle and corporate operations.
• Cross-Functional Collaboration: Work closely with Engineering, Legal, Product, and other internal teams to translate GRC requirements into actionable plans. You will foster a collaborative environment to ensure compliance is understood, met, and sustained.
• Process Improvement and Innovation: Identify and implement continuous improvements for GRC processes. You will find opportunities for automation and apply industry best practices to enhance the efficiency and effectiveness of our compliance activities.

How You’ll Grow

• Influence industry standards by representing the company in key security and compliance working groups and forums.
• Refine your strategic communication skills through regular interaction with senior leadership, auditors, and key internal stakeholders.
• Develop your leadership skills by managing and mentoring GRC professionals, guiding their projects and supporting their professional growth.

Things You’ll Do

• Drive our public sector and enterprise readiness by leading the charge on achieving and maintaining critical certifications like FedRAMP High, DoD IL4, and PCI. You will own the end-to-end process, from managing audits to implementing and maturing our continuous monitoring programs.
• Build and lead the GRC team with an engineering-first philosophy, hiring and mentoring technical-minded professionals who can automate compliance controls and partner directly with developers to solve problems.
• Embed security and compliance into our DNA. You will act as a key evangelist and partner to Engineering and Product teams, translating complex GRC requirements into actionable plans and fostering a culture where compliance is a natural part of the development lifecycle.
• Build a scalable, modern GRC function. You will find and remove bottlenecks in our compliance processes, leveraging automation and innovative tools to increase efficiency and provide clear, data-driven insights to leadership through dashboards and reporting.
• Strengthen our security posture by maturing our third-party risk program. You will evolve how we assess vendor risk, implementing streamlined processes that protect our organization and customers without slowing the business down.
• Directly enable business growth and build customer trust. You will partner with Sales, Legal, and Product to communicate our security and compliance posture effectively, helping to unblock deals and strengthen our market position as a trusted partner.
• Translate GRC activities into a clear strategic narrative. You will regularly report on the status and effectiveness of our compliance programs to senior leadership, providing the insights they need to make informed decisions about risk and investment.

What We’re Looking For On Your Resume

• Leadership Experience: Strong experience in managing GRC programs and leading compliance-focused projects, with a demonstrated ability to guide and mentor team members.
• Technical and Certification Expertise: Extensive hands-on experience with security certifications and control frameworks (e.g., FedRAMP, PCI, SOC 2, ISO 27001) and the ability to manage the associated audit and remediation processes.
• Strategic Mindset: The ability to translate high-level strategic goals into actionable project plans and execute on them effectively to meet both regulatory obligations and business objectives.
• Stakeholder Management: Exceptional skill in communicating complex GRC concepts to technical and non-technical audiences and collaborating effectively with internal teams, leadership, and external auditors.

Remember, it's not about how many years you've worked; it's about what you've achieved during that time that counts.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don't hesitate to apply.

What You Should Know About This Team

• Innovation at Our Core: Our Security Operations team embraces change and thrives on solving complex challenges. We value experimentation, continuous learning, and push the boundaries of conventional security practices.
• Collaborative Environment: We believe in the power of teamwork and foster open communication across the team and the wider organization. Your ideas will be heard, and your collaboration will be essential.
• Data-Driven Approach: We rely on data-driven insights to inform our security strategies, measure effectiveness, and continuously improve our posture.
• Growth Mindset: We are committed to your professional development. You'll have opportunities to expand your expertise, contribute to high-visibility projects, and advance your career in cybersecurity.

Joining our team means stepping into a role that's vital, challenging, and deeply linked to Qualtrics' aim of reshaping industries by harnessing the power of Experience Management and AI.

Our Team’s Favorite Perks and Benefits

• Wellness Reimbursement: $300 per quarter for wellness activities including gym memberships, spa massages, workout equipment, meditation apps, and much more.
• Experience Bonus: $1800 to be used for an “Experience” of your choosing.
• Amazing QGroup Communities: MOSAIQ, Green Team, Qualtrics Pride, Q&Able, Qualtrics Salute, and Women’s Leadership Development, which exist as places for support, allyship, and advocacy.