
GRC Manager

Job in Nashville, Davidson County, Tennessee, 37247, USA
Listing for: Pillsbury Winthrop Shaw Pittman LLP
Full Time position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Business Analyst, Data Security
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below
GRC Manager
Location: Nashville, Tennessee
Time type: Full time
Posted: 2 days ago
Job requisition: R003163

Job Description

The GRC Manager is responsible for day-to-day execution of Pillsbury’s Governance, Risk & Compliance (GRC) program, ensuring the firm maintains strong operational performance across ISO 27001, CMMC Level 2, vendor risk management, business continuity documentation, internal audit readiness, policy governance, and security awareness functions.

The GRC Manager translates strategic direction into actionable workflows, coordinates cross-functional teams, supports evidence lifecycle management, leads readiness activities, and ensures all GRC processes operate smoothly and efficiently. This role requires strong coordination, documentation, audit, and control-testing capabilities paired with working technical fluency to understand control implications without performing system administration.
KEY RESPONSIBILITIES

Program Operations & Coordination
* Lead day-to-day execution of ISO 27001 and CMMC Level 2 programs, ensuring alignment with regulatory and framework requirements.
* Translate strategy from the GRC Director into operational plans, workflows, and coordinated activities across departments.
* Oversee evidence lifecycle management, ensuring accuracy, completeness, and readiness for assessments.
* Manage recurring readiness cycles, status tracking, remediation follow-up, and program documentation.
* Coordinate closely with IT and Security SMEs to validate controls conceptually, assess alignment, and ensure proper documentation.
Audit Readiness & Assessment Support
* Serve as the primary operational point of contact for external auditors, assessors, and C3PAOs.
* Lead audit planning, evidence packaging, SME coordination, and communication throughout assessment cycles.
* Track findings, corrective actions, and remediation progress, ensuring issues are resolved on schedule.
* Maintain audit documentation repositories and ensure audit materials remain continuously ready.
Policy, Documentation & Governance
* Oversee the full lifecycle of policies, standards, and procedures, including drafting, reviewing, updating, and publishing governance documents.
* Ensure governance documents (including the SSP, POA&M, SoA, risk registers, and operational procedures) are current, consistent, and high quality.
* Maintain comprehensive version control and documentation structures across all GRC-managed artifacts.
Risk Management Oversight
* Lead operational ownership of the firm’s risk register, including risk identification, scoring, tracking, and reporting.
* Support annual and ongoing risk assessments and help drive risk-based decisions and improvements.
* Co-lead risk committee or GRC steering activities with the Director and ensure preparation of materials.
Vendor Risk Management
* Oversee intake and assessment of third-party vendors, coordinating review of security documentation, questionnaires, and remediation efforts.
* Work with Procurement, Legal, IT, and the GRC Director to ensure consistent vendor oversight processes.
Business Continuity & Disaster Recovery (BCP/DR) Documentation & Reporting
* Manage updates to business continuity and disaster recovery documentation, including BIAs, plan revisions, team rosters, and dependencies.
* Coordinate documentation, reporting, and follow-up from continuity exercises, DR tests, and tabletop sessions.
* Maintain continuity evidence in support of compliance audits and regulatory assessments.
Security Awareness & Training
* Oversee rollout of cybersecurity awareness campaigns and required annual trainings.
* Monitor participation, ensure compliance, and support content preparation aligned with firm and regulatory requirements.
Cross-Functional Collaboration
* Lead readiness meetings, documentation reviews, action-item tracking, and other recurring GRC operational sessions.
* Coordinate and supervise third-party consultants, advisors, and GRC service providers as needed.
* Serve as the operational escalation point for compliance risks, elevating issues to the GRC Director as appropriate.
* Provide backup support for client security questionnaires or reviews when delegated by the GRC Director.
QUALIFICATIONS

REQUIRED EDUCATION, KNOWLEDGE AND EXPERIENCE
* 5-10+ years of experience in cybersecurity governance, risk, compliance, audit, or related disciplines.
* Strong experience with IT controls, internal audit, risk assessments, or compliance operations.
* Working technical fluency - able to understand control expectations, architectural impacts, and technical evidence.
* Demonstrated ability to coordinate assessments or audits and lead multi-stakeholder compliance processes.
* Excellent documentation, writing, and organizational skills with attention to detail.
* Experience with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, FutureFeed).
* Strong interpersonal skills and experience…