Manager of Security Governance, Risk, and Compliance
Charlotte, North Carolina, United States
AvidXchange
AvidXchange accounts payable automation software helps middle-market businesses and suppliers boost efficiency, accuracy and speed.
Job Overview:
We are seeking an Information Security Risk Manager to join our organization. This role will be responsible for managing security risk, both internally and externally, and ensuring compliance with regulatory standards and frameworks. The Information Security Risk Manager will play a pivotal role in third-party risk management, security awareness, audit management, risk registry management, and reporting risk to executive leadership. This role will be crucial in ensuring our organization's adherence to regulatory requirements, managing security risks, and establishing robust governance practices. The ideal candidate will have at least 5 years of experience within Information security programs focused on Security GRC. This position will report to the Sr. Director SEARCH (Security Engineering, Architecture, Risk, Compliance, and Humans) and be a critical role to continuously reduce risk across the enterprise.
What you'll do:
Risk Registry Management
- Maintain and update the organization's Security Risk Register.
- Identify, evaluate, monitor, and drive accountability for risk control mitigations.
- Conduct regular risk assessments to evaluate the effectiveness of security controls.
- Provide consolidated written reports to the Risk Assurance and Audit Committee.
Reporting to Executive Leadership
- Prepare and present comprehensive risk reports to executive leadership.
- Provide risk management input to the overall Program Security Planning Process.
- Engage with legal, audit, assurance, and compliance teams to align security risk management practices with regulatory requirements.
- Contribute to the threat intelligence framework by helping with the identification of emerging risks.
Audit Management
- Lead internal and external security audits to ensure compliance with relevant standards and frameworks (e.g., ISO27001, NIST).
- Develop and maintain audit schedules and documentation.
- Coordinate with auditors and relevant stakeholders to address audit findings and implement corrective actions.
Third-party Risk Management
- Develop and maintain a comprehensive third-party risk management framework.
- Assess and manage security risks associated with external suppliers and partners.
- Conduct regular security assessments and audits of third-party vendors.
- Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security requirements.
Security Awareness
- Design and implement a security awareness program to educate employees on security best practices.
- Develop and deliver training sessions, workshops, and awareness campaigns.
- Monitor and measure the effectiveness of security awareness initiatives.
- Identify opportunities to influence colleague training content.
- Ensure that audit results are reported accurately and promptly to executive leadership.
What we're looking for:
- Proven information security professional with a compliance and risk management background.
- Extensive experience in technology risk, information security risk, or IT audit and assurance.
- Strong understanding of fundamental information and cyber security concepts and technologies.
- Demonstrated expertise in stakeholder management with a proactive approach.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
About AvidXchange
AvidXchange is a leading provider of accounts payable (“AP”) automation software and payment solutions for middle-market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone who works here, they’ll tell you our people are at the core of who we are. We focus on creating a culture of Diversity, Inclusion & Belonging, and are proud to be a safe place where teammates can bring their whole selves to work. At AvidXchange, mindset is everything. We are Connected as People, Growth Minded, and Customer Obsessed. These three mindsets represent our culture – who we are, who we’ve always been, and they guide us to improve every day. Since our founding in 2000 in Charlotte, NC, we’ve created a company of over 1,600 teammates working across the U.S., or remotely. AvidXchange is proud to be Certified™ as a Great Place to Work®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years – that AvidXchange is a Great Place to Work®.
Who you are:
- A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown.
- Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships.
- Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential.
What you’ll get:
AvidXchange teammates (we call them AvidXers) get the perks and prestige of a publicly traded tech company paired with the flexibility of a founder-led startup. We help our AvidXers develop as professionals and as human beings, providing work/life balance, development programs, competitive benefits and equity options. At AvidXchange, we are building more than a tech company – we are building an experience. We remain committed to a culture where you can fully be 'you’ – connected with others, chasing big goals, and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you’ll tell for years, you’ve come to the right place.
AvidXers enjoy:
- 18 days PTO*
- 11 Holidays (8 company recognized & 3 floating holidays)
- 16 hours per year of paid Volunteer Time Off (VTO)
- Competitive Healthcare
- High Deductible Health Plan Option that has $0 monthly premium for teammate-only coverage
- 100% AvidXchange paid Dental Base Plan Coverage
- 100% AvidXchange paid Life Insurance
- 100% AvidXchange paid Long-Term Disability
- 100% AvidXchange paid Short-Term Disability
- Employee Assistance Program (EAP) - Provides counseling services, legal and financial consultations and health advocacy for Teammates and their eligible dependents
- Onsite Health Clinic with Atrium Health - available to Teammates and their eligible dependents
- 401k Match up to 4%
- Parental Leave: 8 weeks 100% paid by AvidXchange**
- Discounts on Pet, Home, and Auto insurance
- BrightDime Financial Wellness Tool, offered free to teammates
- WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers
- Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more
- Onsite gym fitness center, yoga studio, and basketball court
- Tuition Reimbursement up to the federal maximum of $5,250***
- Hybrid Workplace Flexibility
- Free parking
*Fully granted from beginning of year, pro-rated if hired mid-year
**Must be full-time for at least 3 months
***Must be full-time for at least one year
Equal Employment Opportunity
AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.