Senior Manager, Governance, Risk & Compliance

101 Bloom Energy
Full-time
On-site
Office - Bangalore IT/BT Park India
Hydrogen

The Senior Manager, GRC (Governance, Risk, and Compliance) will lead the strategy, implementation, and effective management of Bloom Energy’s GRC framework. The ideal candidate will focus on aligning security policies and procedures with business goals, managing enterprise-level cyber security risks in a central risk register, and ensuring compliance with laws and standards (like ISO 27001, CIS, GDPR, PCI-DSS). They will oversee assessments, report to leadership, and build and mentor GRC teams. The ideal candidate should possess a positive attitude, embrace change, excel at cross-functional collaboration, be organized, want to automate, and have a solid background in IT security and compliance, driving risk-based decisions and maintaining regulatory adherence through policies, controls, and training.

Key Responsibilities

  • Governance: Develop and maintain security policies, procedures, frameworks, and standards, ensuring alignment with business objectives. Drive the enterprise-wide security training program.
  • Risk Management: Oversee enterprise cyber security risk assessments, identify vulnerabilities, implement mitigation strategies, and manage third-party risk. Maintain the central risk register. Collaborate with the central enterprise risk management function. Support sales by completing security questionnaires in a timely manner.
  • Compliance: Ensure adherence to internal policies, industry standards (e.g., ISO 27001, CIS, NIST CSF), and external regulations (e.g., GDPR, CCPA, NERC-CIP, SOX). Serve as the primary liaison with external auditors for security compliance.
  • Leadership: Lead and mentor the GRC team, foster a culture of compliance, and drive strategic GRC initiatives.
  • Stakeholder Management: Collaborate with IT, legal, enterprise risk management, engineering, and business leaders; act as a liaison with auditors and regulators; and provide executive reporting.
  • Reporting & Metrics: Establish metrics to track policy and compliance adherence, and provide senior management with risk insights and compliance status on a regular basis.

Key Skills & Qualifications

  • Strong background in IT Security, Risk Management, and Compliance.
  • Expertise in relevant laws, regulations, and frameworks such as ISO 27001, NIST CSF, CIS.
  • Drive several security programs leading to compliance:
      • Security & vulnerability management
      • Change management
      • Logging environments
      • Periodic review of Active Directory, Group Policy and Access Management
      • Automated evidence collection
  • Excellent leadership, communication, and stakeholder management.
  • Strategic thinking and problem-solving abilities.
  • Experience with GRC tools, policies, standards, and procedures is required.
  • Ability to function as a self-directed team leader organizing work and meeting deadlines.
  • Identify effectiveness & efficiency improvement initiatives and work toward completing these goals.
  • High standards for consistency & quality within personal and team performance.
  • Ability to work flexible hours to collaborate with global team.
  • Ability and desire to obtain industry relevant compliance knowledge/certifications.

Required Education and Experience

  • Bachelor's degree or Diploma preferred
  • 12+ years of relevant industry experience with 7+ years in Compliance
  • Familiarity with various compliance standards including ISO 27001, GDPR, CIS, NIST CSF