5,716 Security Governance jobs in the United States

Title: Information Security Governance Lead

Company: Defense Manufacturing

Location: Arlington, VA

Type: Full Time

This role involves conducting research and gap analysis on best practices, drafting revisions to security procedures, and providing guidance on Security Classification Guides. The position includes creating and updating training materials, facilitating training and audits, and maintaining awareness of trained personnel. Additionally, the role supports classification reviews, mandatory reports, and background research for policy requests, while coordinating with various government agencies and attending related meetings. Other duties are assigned as needed.

Requirements:

12+ years of experience in conducting analysis, security operations, and information security training.

Active TS/SCI clearance.

As we continue to grow and expand globally, we're on the lookout for a Global Manager of Information Security, Governance & Compliance to take the lead in shaping and elevating our Global GRC (Governance, Risk, and Compliance) program.

In this high-impact role, reporting directly to the General Counsel, you'll be at the forefront of driving security and compliance across the organization. You'll ensure we meet internal security policies, global regulations, industry standards, and applicable laws. From leading comprehensive risk assessments to building and scaling security awareness programs, processes and training, you'll be a key force behind fostering a strong security and compliance culture across all teams and regions.

You'll also be instrumental in securing and maintaining our global security certifications-such as ISO 27001, SOC, and Cyber Essentials Plus. That means managing audits, partnering with external auditors, and ensuring our practices align with the highest certification standards. If you're excited by the opportunity to lead on a global scale, influence key initiatives, and make a meaningful impact, we'd love to hear from you.

Work Locations:

This position offers hybrid or remote flexibility; however, candidates must reside near one of our office locations in Alpharetta, Georgia; Blue Bell, Pennsylvania; Herndon, Virginia; or New York City, New York. This position must live and be authorized to work in the United States; it is not eligible for relocation or sponsorship.

Hours and Travel:

Approx. 25% international and domestic annually. This position will work typical eastern US business hours with flexibility to meet with teams in multiple countries.

What You Will Do:

As the key driver of information security compliance across our global operations, you will:

• Define and implement the organization's GRC program, including policies, procedures, and controls.
• Oversee and manage our global information security governance and compliance programs.
• Develop and maintain robust security policies, procedures, and best practices.
• Coordinate internal and external audits (SOC, ISO, Cyber Essentials Plus), ensuring readiness and compliance.
• Conduct internal audits, identify gaps, and recommend corrective actions.
• Deliver training sessions and security awareness initiatives across the organization.
• Lead third-party risk assessments (TPRM) and respond to vendor security assessments.
• Chair ISMS Management Review meetings and monitor cyber risk metrics.
• Support IT with vulnerability management and penetration testing planning.
• Contribute to data privacy and governance compliance under GDPR, UK DPA, NZ Privacy Act, etc.
• Support Business Continuity Planning (BCP) testing and documentation.

• Bachelor's degree in Computer Science, Information Systems, or related field (or equivalent work experience).
• 10+ years of experience in IT governance, compliance, or risk management at a global company.
• Proven experience with international compliance, specifically GDPR, data protection laws, and compliance initiatives.
• Six Sigma is a nice to have.
• ISO 27001 Internal Auditor certification is highly desirable.
• Strong understanding of information security and IT governance frameworks.
• Familiarity with telecommunications and technologies like networking and VoIP is preferred.
• Ability to manage complex, cross-functional projects with a high attention to detail.
• Excellent communication and stakeholder engagement skills.
• Proficient in Microsoft Office Suite, especially SharePoint, OneDrive, Outlook, Teams, etc.

• We pride ourselves on our team-based approach to providing quality solutions for our clients. BCM One encourages a culture of collaboration, exposing employees to different areas of the business and fostering career growth.
• We support employee involvement and provide opportunities to be responsible stewards via our BCM One Gives Back Program and our Emergency Fund to help our team members who are going through difficult times.

• We offer an Employee of the Quarter program with a monetary award and Employee of the Year that includes a 7-day vacation package to the Caribbean. In addition, we host various regional team-building gatherings throughout the year.
• We believe in developing our team members and offer many opportunities for training, professional development and career growth.

• We empower our team members to speak up and look for opportunities in challenges.
• We have an Employee Council and a Diversity Equity and Inclusion Committee made up of volunteers from across the company who share a passion for making BCM One a great place to work and find ways to positively impact our communities.

• Competitive industry salaries
• Comprehensive medical, dental, and vision insurance
• Company-provided life and disability insurance
• Matching 401 (k) plan
• Employee Emergency Assistance Fund
• Paid holidays and vacation time

Job Description

Salary:

As we continue to grow and expand globally, were on the lookout for aGlobal Manager of Information Security, Governance & Compliance to take the lead in shaping and elevating our Global GRC (Governance, Risk, and Compliance) program.

In this high-impact role, reporting directly to the General Counsel, youll be at the forefront of driving security and compliance across the organization. You'll ensure we meet internal security policies, global regulations, industry standards, and applicable laws. From leading comprehensive risk assessments to building and scaling security awareness programs, processes and training, youll be a key force behind fostering a strong security and compliance culture across all teams and regions.

Youll also be instrumental in securing and maintaining our global security certificationssuch as ISO 27001, SOC, and Cyber Essentials Plus. That means managing audits, partnering with external auditors, and ensuring our practices align with the highest certification standards. If you're excited by the opportunity to lead on a global scale, influence key initiatives, and make a meaningful impact, wed love to hear from you.

Work Locations:

This position offers hybrid or remote optional in the US or UK; if hybrid, candidates may work out of one of our offices in London, UK; Alpharetta, Georgia; Blue Bell, Pennsylvania; Herndon, Virginia; or New York City, New York.; if hybrid, candidates may work out of one of our offices in Alpharetta, Georgia; Blue Bell, Pennsylvania; Herndon, Virginia; or New York City, New York. This position must live and be authorized to work in the United States; it is not eligible for relocation or sponsorship.

Hours and Travel:

Approx. 25% international and domestic annually. This position will require flexibility to meet with teams in multiple countries and time zones ranging from New Zealand through the Pacific Coast in the US.

What You Will Do:

As the key driver of information security compliance across our global operations, you will:

• Define and implement the organization's GRC program, including policies, procedures, and controls.
• Oversee and manage our globalinformation security governance and compliance programs.
  
• Develop and maintain robustsecurity policies, procedures, and best practices.
  
• Coordinateinternal and external audits (SOC, ISO, Cyber Essentials Plus), ensuring readiness and compliance.
  
• Conduct internal audits, identify gaps, and recommend corrective actions.
  
• Delivertraining sessions and security awareness initiatives across the organization.
  
• Lead third-party risk assessments (TPRM) and respond to vendor security assessments.
  
• ChairISMS Management Review meetings and monitor cyber risk metrics.
  
• Support IT withvulnerability management and penetration testing planning.
  
• Contribute todata privacy and governance compliance under GDPR, UK DPA, NZ Privacy Act, etc.
  
• SupportBusiness Continuity Planning (BCP) testing and documentation.

What You Will Need:

• Bachelors degree inComputer Science, Information Systems, or related field (or equivalent work experience).
• 10+ years of experience in IT governance, compliance, or risk management at a global company.
  
• Proven experience with international compliance, specifically GDPR, data protection laws, and compliance initiatives.
• Six Sigma is a nice to have.
• ISO 27001 Internal Auditor certification is highly desirable.
  
• Strong understanding ofinformation security and IT governance frameworks.
  
• Familiarity withtelecommunications and technologies like networking and VoIP is preferred.
  
• Ability to managecomplex, cross-functional projects with a high attention to detail.
  
• Excellent communication and stakeholder engagement skills.
  
• Proficient inMicrosoft Office Suite, especially SharePoint, OneDrive, Outlook, Teams, etc.

Who We Are:

BCM One is a leading telecom provider of NextGen Communications and Managed Services that has been in business for 30 years with more than 18,000 business customers and 5,000 channel partners who rely on our products, services, and teams to support their critical underlying network infrastructure. BCM One is the parent company to our family of brands that includes SIP.US, SIPTRUNK, Flowroute, SkySwitch, and Pure IP.

Joining the BCM One team is a chance to be part of a financially strong company with an exciting growth story; over the past 4 years weve brought together leading companies in our space who have built products, services, and programs to innovate and disrupt our industry. Now, operating under one roof, we are taking BCM One to the next level and looking for talented individuals to help make that happen.

When you choose to work at BCM One, you get to work with a talented team and build experience with the leading technologies, suppliers, and partners in our industry. We dont offer cookie-cutter solutions, so the opportunities are endless, and the work is always varied and interesting. We take our mission to provide a world-class experience with every human interaction seriously, which means everything you do makes a difference. And were committed to building and nurturing a diverse and inclusive workforce and environment that empowers you to do your best work, spread your wings and reach your full potential. At BCM One, we encourage our team to learn something new every day, so you dont just become part of our growth story, we become part of yours.

Why BCM One:

We are committed to creating an environment that fosters teamwork, accountability, innovation, and teamwork. Many BCM One employees have been with the company for 10+ years, which we think says a lot about our culture.

We Are a Team

• We pride ourselves on our team-based approach to providing quality solutions for our clients. BCM One encourages a culture of collaboration, exposing employees to different areas of the business and fostering career growth.
• We support employee involvement and provide opportunities to be responsible stewards via our BCM One Gives Back Program and our Emergency Fund to help our team members who are going through difficult times.

Hard Work is Recognized

• We offer an Employee of the Quarter program with a monetary award and Employee of the Year that includes a 7-day vacation package to the Caribbean. In addition, we host various regional team-building gatherings throughout the year.
• We believe in developing our team members and offer many opportunities for training, professional development and career growth.

Your Voice is Heard

• We empower our team members to speak up and look for opportunities in challenges.
• We have an Employee Council and a Diversity Equity and Inclusion Committee made up of volunteers from across the company who share a passion for making BCM One a great place to work and find ways to positively impact our communities.

How we take care of you:

• Competitive industry salaries
  
• Comprehensive medical, dental, and vision insurance
• Company-provided life and disability insurance
• Matching 401 (k) plan
• Employee Emergency Assistance Fund
• Paid holidays and vacation time
  

BCM One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.

• Serve as primary drafter for all regulatory submissions (DORA, GLBA, ECB)
• Support on preparing quarterly ITOOC materials and CISO briefing packages such as GIOC, IT Interlock
• Maintain enterprise security policies aligned to NIST CSF
• Support developing CISO roadmap documents for 3Y planning

• Act as single point of contact for all audits (internal/external)
• Coordinate evidence collection across IT, Legal, and Business Units
• Draft management responses to findings (Must Fix List items)
• Track remediation to closure via GRC dashboards

• Own the Cyber KRI program - collect, analyze and report to:
• GIOC (monthly)
• ITOOC (quarterly)
• Regulators (as required)

• Rotational assignments:
• Q1: Shadow CISO in HO engagements
• Q2: Lead mock regulatory examination
• Q3: Draft Board-level risk report
• Q4: Support CISO by presenting as a CISO deputy on the GIOC meeting

• Conduct security risk validations for all IT Critical Vendors
• Maintain vendor risk register tracking:
• Control gaps (NIST 800-53)
• Remediation timelines
• Contractual security requirements
• Perform annual vendor reassessments aligned to FFIEC Third-Party Guidance

• Bachelor's degree in Cybersecurity, Risk Management, or related field and College Degree required
• 3-5 years in GRC, audit, or risk management (financial sector preferred)
• CRISC, CISA, or ISO 27001 LA desirable
• Regulatory Frameworks: NYDFS 500, GLBA, FFIEC CAT, NIST CSF, NIST 800-53
• Tools: ServiceNow GRC, Smartsheet, Qualys
• Reporting: KRI/KPI dashboards, regulatory submissions

• Supports the development and on-going management of the Security Governance, Risk & Compliance program
• Develops and maintains security standards, process documentations and control objectives
• Develops and maintains security control mappings to relevant frameworks
• Matures and enhance the information security awareness and training program
• Performs and manages the Information Security, Information Technology and Third-Party risk assessments
• Develops and maintains risk and controls register and monitor risk treatment strategies and control effectiveness
• Monitor and escalate unresolved security issues, exposures, misuse, policy violations and other non-compliance situations to Security Leadership
• Provide continuous tracking and monitoring of Security Program metrics
• Work closely with First Line of Defense teams, to identify potential security weaknesses, define potential impact and develop effective mitigation strategies
• Collaborating with Internal Audit and Compliance teams for security and technology audit-related activities
• Monitor industry regulatory environment for impact on security programs and changes to security compliance standards
• Performs other duties as may be assigned"

KPMG provides audit, tax, and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence, and supports our communities. If you're as passionate about your future as we are, join our team. KPMG is currently seeking a Manager, Security Governance Risk and Compliance (SOQC) to join our Enterprise Security Services organization. This is a remote work opportunity.

• Responsible for managing a system-based portfolio of controls, and artifacts representing key KPMG Audit systems within the organization
• Work with KPMG's internal shared service IT teams to coordinate the timing and execution of quarterly SoQC control certifications for design and operating effectiveness, coordinate and evaluate evidence submissions, as well as obtain Senior Leadership certification for all controls under the SoQC Digital Nexus remit
• Apply a thorough knowledge of internal audit processes and techniques, IT controls, control testing, compliance, risk, and information security; monitor specific control sets, and related processes within a changing IT operating landscape
• Analyze thoroughly the impact of operational and control changes related to the performance of the Audit applications within the portfolio; identify, recommend and drive objectives that result in the continual improvement of the overall Governance Risk and Compliance (GRC) function
• Oversee the deliverables of a small team, managing deadlines, expectations, and contributing to staffing decisions; build and maintain trust-based relationships with peers and leaders
• Supervise the performance of junior staff; provide coaching, mentoring and feedback to such individuals and may also serve as a formal performance manager of a team of junior employees

Minimum five years of recent experience in risk and compliance within a large professional services environment, Bachelor's degree from an accredited college or university is preferred; relevant industry certifications such as CPA (Certified Public Accountant), CIA (Certified Internal Auditor), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), and CRISC (Certified in Risk and Information Systems Control) are preferred Ability to successfully pull an organization through emerging regulatory, technological and procedural change Proficiency using ServiceNow, SharePoint, Microsoft Teams and Outlook Initiate meetings, work independently using autonomous leadership Strong verbal/written communication, problem solving, analytical and independent judgment skills to support an environment driven by customer service and teamwork; ability to positively influence, mentor and be a credible source of knowledge to less experienced team members Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

• Provide direction, coaching and development for the Security GRC team to ensure effective execution of security governance, risk and compliance activities.
• Maintain and evolve security policies, standards, and procedures to align with industry best practices, regulatory requirements, and business needs.
• Coordinate security program testing, control validations, and independent assessments to validate program effectiveness and compliance with frameworks such as NIST CSF and PCI-DSS.
• Oversee IT/IS risk assessments, business unit security reviews, and third-party/vendor risk assessments, ensuring timely identification, tracking and remediation of risks.
• Drive continuous improvement of security GRC processes, tools and methodologies to enhance the maturity of the information security program.
• Partner with business units to strengthen security awareness and training programs, fostering a culture of shared responsibility for information security
• Develop, track, and report meaningful security metrics and key risk indicators (KRIs) for Executive Leadership and Board of Directors.
• Prepare clear, actionable reports and risk summaries that inform leadership of trends, vulnerabilities, and areas needing improvement.
• Collaborate with Security Architecture, ERM, Compliance, Vendor Management, Internal Audit and Technology teams to ensure alignment of security practices across the enterprise.
• Work with first-line teams to track and verify remediation of issues identified during testing, ensuring timely and effective resolution.
• Serve as a primary contact for security-related regulatory exams, internal audits, and external assessments.
• Provide guidance to senior leadership on emerging risks, industry trends, and regulatory expectations to influence security strategy and business decisions.
• Perform other functions as assigned by Security Leadership

• Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field.
• 10+ years of experience in Information Security, operating within a second line of defense function
• 3+ years of direct people management experience, including managing performance, coaching, and developing teams.
• 10+ years working with security and risk frameworks such as NIST, ISO, CIS Controls, etc.
• 7+ years of hands-on experience in control testing methodologies, risk assessments, and/or security audits.
• Professional certifications such as CISSP, CISM, CRISC, or CISA are required.
• Strong knowledge of security frameworks (NIST CSF, ISO 27001, Zero Trust, etc.)
• Proven ability to influence senior stakeholders and partner with engineering and technology teams
• Financial services or highly regulated industry experience is a plus
• Excellent communication and leadership skills

• Exceptional Medical, Dental, Vision, and Life Insurance benefits
• Onsite fitness center at HQ and rewards for completing wellness related activities

• Competitive compensation packages with bonus opportunity
• 401(k) with 3% Safe Harbor and 5% employer match
• Discounts on loan products
• Tuition reimbursement

• Employee Assistance Program (EAP)
• PTO for part-time and full-time positions
• Paid holidays

• On-the-job training and skills development
• Internal transfer opportunities for career growth
• Volunteer work