Manager, InfoSec Governance Risk and Compliance; GRC

Manager, Info Sec Governance Risk and Compliance (GRC)

Manager, Info Sec Governance Risk and Compliance (GRC)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

At Ivalua we are a global community of exceptional professionals who believe that digital transformation revolutionizes supply chain sustainability and resiliency. Our cloud-based spend management platform empowers brands to manage spend, improve ESG performance, lower risk, and boost productivity.

We are looking for an experienced Info Sec Governance Risk and Compliance (GRC) Manager to lead a global team and own the GRC program worldwide. Reporting to Info Sec leadership, you will manage and develop a high‑performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high‑performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS and others.
• Serve as the subject‑matter expert on security frameworks and standards including NIST SP 800‑53 Rev 5, NIST 800‑171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third‑Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce Info Sec policies, standards, and plans.

If you have the below experience and strengths this role could be for you:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.).
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team.
• Strong knowledge of security frameworks such as NIST SP 800‑53, NIST 800‑171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem‑solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self‑motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills.

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

As set forth in Ivalua’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Title:

Manager, Info Sec Governance Risk and Compliance (GRC)

Range minimum: USD 112,000

Range maximum: USD 208,000

Additional compensation / rewards:
Ivalua also offers exceptional benefits including medical, dental, vision and transportation.