Governance, Risk & Compliance Program Manager


The GRC Security Program Manager is a member of the Chief Information Officer (CIO) organization and is positioned strategically within IT Security. This role will help align compliance operations with organizational goals/objectives. This role will assist all aspects of IT in building security and compliance-related programs that are sustainable and scalable. This role is also responsible for helping teams achieve their goals by establishing, managing, and reporting the Security organization's performance metrics, including Key Performance Indicators (KPI) and Key Risk Indicators (KRI). This role will also drive IT Security-related projects, leveraging program and project management skills across the organization.

What You'll Do

● Define program controls and governance - processes, procedures, reporting and policies - to manage

● Oversee and be responsible for establishing, managing, and reporting key security team performance metrics that measure effectiveness in meeting compliance and audit goals and objectives, and to enable Security leadership to pinpoint specific technical, operational, or management controls that are not being implemented or are implemented incorrectly.

● Integrate and synchronize data to present meaningful Security information.

● Audit vulnerability reports and track progress through remediation

● Establish processes and workflows to assist with security-related programs (issue reporting, security risk identification, risk remediation, policy exceptions)

● Drive execution and strategy of the IT GRC programs

● Monitor and communicate program measures of success, plans, status, issues and risks in a timely manner to team members, stakeholders and senior-level management


Who You Are

  • 5+ years security and/or IT related experience
  • 3+ Program/Project Management experience including complex, cross-functional technical programs that drive strategic business initiatives. PgM or PMP certified preferred
  • 5+ years of defining program controls and governance; processes, procedures, reporting and policies
  • Experience in working with security teams and control frameworks such as NIST800-52, NIST CSF, ISO27001, CIS Controls, PCI-DSS, SOC1 and/or SOC2
  • Must be an effective communicator with excellent oral and written communication skills
  • Ability to work in a remote, team environment with global team members


TIBCO Software Inc. unlocks the potential of real-time data for making faster, smarter decisions. Our Connected Intelligence Platform seamlessly connects any application or data source; intelligently unifies data for greater access, trust, and control; and confidently predicts outcomes in real time and at scale. Learn how solutions to our customers’ most critical business challenges are made possible by TIBCO at




Full Time



United States