Information Technology

Security Governance and Compliance Manager

Permanent

Friedman Williams

Security Governance and Compliance Manager, New York, New York

Job ID: 21275

Security Governance, Risk & Compliance (GRC) Manager

Reporting to the Director of Information Security, the GRC Manager will play a critical role in advancing the firm’s security, compliance, and risk management programs. This is a highly visible individual contributor position that serves as the primary liaison for client security assessments, manages the firm’s ISO 27001/27701 programs, and drives key governance and compliance initiatives across the organization.

Key Responsibilities

Client Security Assessments

  • Serve as the primary point of contact for client security questionnaires, audits, RFPs, and Outside Counsel Guidelines.
  • Manage responses, evidence collection, findings remediation, and stakeholder coordination.
  • Maintain and optimize the firm’s Vanta-based questionnaire automation and evidence repository.

ISO 27001 / ISO 27701 Program Management

  • Coordinate internal and external audits, annual risk assessments, and compliance activities.
  • Partner with external consultants and internal stakeholders to maintain certification requirements.
  • Track continuous improvement initiatives and compliance metrics.

Governance, Risk & Compliance

  • Develop and maintain security policies, procedures, and control frameworks.
  • Support oversight of privileged access management, vulnerability management, data protection, and security compliance initiatives.
  • Provide regular reporting and recommendations to IT leadership and firm management.

Security Awareness & Training

  • Manage phishing simulations and cybersecurity awareness programs.
  • Update training content to reflect emerging threats, regulatory changes, and firm policies.

Qualifications

  • Bachelor’s degree in Information Security, Information Systems, Risk Management, or related field.
  • 5+ years of experience managing enterprise GRC programs, including ISO 27001 and/or SOC 2 environments.
  • Strong knowledge of security frameworks, risk management, audits, and compliance programs.
  • Experience handling client security assessments and third-party audits.
  • Excellent communication, documentation, and stakeholder management skills.
  • Relevant certifications such as CISSP, CISA, CRISC, PMP, or similar are highly preferred.

Why Join?

  • Highly visible role with direct exposure to firm leadership.
  • Opportunity to shape and mature a world-class security and compliance program.
  • Collaborative, team-oriented environment within a premier global law firm.
  • Exposure to cutting-edge cloud, AI, and information security initiatives.
  • Flexible hybrid work model and strong long-term career growth potential.