Job Description

Security Governance, Risk & Compliance (GRC) Manager

Reporting to the Director of Information Security, the GRC Manager will play a critical role in advancing the firm's security, compliance, and risk management programs. This is a highly visible individual contributor position that serves as the primary liaison for client security assessments, manages the firm's ISO 27001/27701 programs, and drives key governance and compliance initiatives across the organization.

Key Responsibilities

Client Security Assessments

• Serve as the primary point of contact for client security questionnaires, audits, RFPs, and Outside Counsel Guidelines.
• Manage responses, evidence collection, findings remediation, and stakeholder coordination.
• Maintain and optimize the firm's Vanta-based questionnaire automation and evidence repository.

ISO 27001 / ISO 27701 Program Management

• Coordinate internal and external audits, annual risk assessments, and compliance activities.
• Partner with external consultants and internal stakeholders to maintain certification requirements.
• Track continuous improvement initiatives and compliance metrics.

Governance, Risk & Compliance

• Develop and maintain security policies, procedures, and control frameworks.
• Support oversight of privileged access management, vulnerability management, data protection, and security compliance initiatives.
• Provide regular reporting and recommendations to IT leadership and firm management.

Security Awareness & Training

• Manage phishing simulations and cybersecurity awareness programs.
• Update training content to reflect emerging threats, regulatory changes, and firm policies.

Qualifications

• Bachelor's degree in Information Security, Information Systems, Risk Management, or related field.
• 5+ years of experience managing enterprise GRC programs, including ISO 27001 and/or SOC 2 environments.
• Strong knowledge of security frameworks, risk management, audits, and compliance programs.
• Experience handling client security assessments and third-party audits.
• Excellent communication, documentation, and stakeholder management skills.
• Relevant certifications such as CISSP, CISA, CRISC, PMP, or similar are highly preferred.

Why Join?

• Highly visible role with direct exposure to firm leadership.
• Opportunity to shape and mature a world-class security and compliance program.
• Collaborative, team-oriented environment within a premier global law firm.
• Exposure to cutting-edge cloud, AI, and information security initiatives.
• Flexible hybrid work model and strong long-term career growth potential.