Sr. Manager Risk & Governance

Our Company

Changing the world through digital experiences is what Adobe's all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences. We're passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen.

We're on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours.

As our Senior Manager leading all aspects of Security Risk and Governance, you will spearhead the advancement of our security risk strategy. The objective is to continue to invest in the evolution of the risk program by improving qualitative evaluations through quantitative analysis.

The mission is to improve our decision making by using security insights, data analytics, and a security-first approach complemented by detailed modeling (where applicable) to support and validate the existing security risk landscape across the organization. Lead all aspects of Adobe's Security Management framework, integrating with industry-leading models for risk measurement, and offer senior leadership continuous insights.

In addition, the role will drive the Security Policy & Procedures framework across Adobe (PSOP) and help operationalize and transform the PSOP program. This role is both strategic and hands-on, managing a dedicated team while advancing Adobe's ability to connect technical risk with business outcomes.

This position is in San Jose, Lehi, Seattle or New York and will work directly under the Sr. Director of GRC. Here are insights on focus areas for the role:

• Guide the transformation of the security risk program to include qualitative measurements complemented by quantitative insights, integrating AI, data interpretation, and financial analysis.
• Maintain and operate the company's security risk framework, ensuring risks are accurately captured, updated, and prioritized.
• Provide the strategic vision, and drive maturity of, the Security Governance and Policy program.
• Ensure Policies and Standards program aligned to a centralized governing strategy that includes key input from Security Architecture, Adobe Common Controls Framework (CCF), Cyber Operations, and Product Security.
• Apply and integrate industry risk frameworks (FAIR, NIST RMF, ISO 42001, etc.) into Adobe's governance processes.
• Quantify risks in financial terms (e.g., cost of impact, expected loss, return on investment on controls) to support executive decision making where possible.
• Develop dashboards and BI reporting tools to visualize risk metrics and trends for both technical and non-technical partners.
• Manage and mentor a small, highly skilled risk and governance management team, ensuring collaboration and continuous development.
• Facilitate cross-functional workshops and meetings to drive risk & governance awareness and alignment across business and security teams.
• Monitor regulatory, technological, and procedural changes, ensuring ongoing compliance and adaptability.
• Implement and optimize GRC platforms (e.g., Service Now IRM, Archer, Vanta, Drata) and ensure seamless integration with enterprise tools.
• Prepare and deliver clear, business-focused reports and presentations for senior leadership, bridging technical detail with strategic insights.

• Needs a background of at least 10 years in Security Risk Management, an Advanced Degree, or similar experience, or 13 years or more with a Bachelor's or equivalent experience in correlated domains.
• 3-5 years' experience managing high performing teams
• In-depth knowledge on security risk management and risk management models (FAIR, OCTAVE, NIST RMF, ISO 27005 etc.)
• Good understanding of security concepts, security stack & tools, industry trends and adversary insights
• Proficiency in threat modeling, data science and analytics and AI/ML capabilities
• Experience with platforms and automation for threat identification, detection and risk analysis
• Familiarity with regulatory frameworks for technology and security risk management
• Good understanding of innovative technologies and corresponding knowledge of potential security risks and vulnerabilities
• Comfortable leading the Policy Governance function and has in-depth understanding and knowledge working with complex security policies and standards (e.g., Cloud Architecture, Vulnerability Management)
• Led Compliance with Audit Frameworks (e.g., SOC2, ISO 27001, NIST 800-53)
• Relevant certifications such as CISSP, CISM, CISA, CRISC
• Professional Risk Manager (PRM) certification is a plus

At Adobe, we believe in creating a company culture where all employees are empowered to make an impact. Learn more about Adobe life, including our values and culture, focus on people, purpose and community, Adobe For All,…