GRC Senior Manager

Atlanta, GA, United States


Job Summary

The GRC Senior Manager maintains cybersecurity governance, risk, and compliance strategies by managing staff and overseeing the development and execution of our cybersecurity risk management framework, information security policies, data security and privacy programs, IT audits and regulatory inquiries. This position directs our Third-Party Risk Management program. Manages cybersecurity risks and ensures compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets. Considers the current and future business environment in the design of a GRC program and brings enterprise-level perspective, while building and fostering meaningful, collaborative relationships with cross-functional teams to implement necessary controls. A key focus of this position is managing and developing staff and unit budget to achieve strategic department and team goals. The senior management position is defined by the depth and complexity of the areas of responsibility along with its strategic responsibilities for the company's success.

Primary Job Responsibilities

  • Maintains the organization's effectiveness and efficiency by supporting strategic plans for the cybersecurity program, and is specifically accountable for the governance, risk, and compliance function.
  • Achieves financial objectives by forecasting requirements, preparing an annual budget, scheduling expenditures, analyzing variances and initiating corrective action within the functional unit.
  • Works with senior leadership to develop team goals and align them with department objectives.
  • Recruits, selects, coaches, and develops team leaders and analysts within the department. Manages professional growth and development plans.
  • Translates and champions cybersecurity strategy to the functional unit.
  • Conducts performance and professional development reviews per HR guidelines. Takes corrective actions, including Performance Improvement Plans or terminations, when necessary.
  • Defines, implements, and oversees Information Security policies and the effective implementation of controls, standards, guidelines, and procedures across the Company to ensure the protection of information assets.
  • Builds effective partnerships and strong collaborations with business and IT leaders to ensure robust information security practices and compliance within the Company's risk appetite.
  • Performs other duties as assigned.

Career Level (M4)

Organizational Impact:

  • Establishes key elements of tactical and operational plans with direct impact on the achievement of results of the area. Focus is on short- to mid-term operational plans (e.g., 1-2 years). Develops new products, processes, standards or operational plans in support of the area.
  • May have budget accountability for area or manage elements of the budget.

Leadership & Talent Management: 

  • Manages a large team typically comprised of managers and/or supervisors and experienced professionals.
  • Typically has hiring, firing, promotion and reward authority within own area, in accordance with manager review and approval.

Knowledge & Experience: 

  • Requires broad management and leadership knowledge to lead project or program teams in one department/area. Typically has advanced knowledge and skills within a specific technical or professional discipline with broad understanding of other areas within the department.
  • Typically requires a university degree or equivalent experience and a minimum of 6-8 years of prior relevant experience.

Required Skills

  • Expert knowledge and experience with cybersecurity control frameworks (NIST CSF or ISO 27001 required).
  • Proven experience designing and implementing cybersecurity policies, controls, standards, and guidelines.
  • Expert knowledge and experience with PCI-DSS, SOX, and financial services regulations.
  • Proven experience partnering with external auditors in a publicly traded company.
  • Working knowledge of data governance, privacy regulations, and secure financial services activities.
  • Broad understanding of business practices and operations.
  • Exceptional analytical skills.
  • Exceptional written and verbal communication skills.
  • Proficiency with MS Office / MS Office 365 tools including Word, PowerPoint, Excel, Outlook, OneNote, SharePoint.

Required Licensing, Registration and/or Certifications

  • Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) preferred

Physical Requirements:

  • May require travel

PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. We will provide a reasonable accommodation to a qualified applicant with a disability that will enable the individual to have an equal opportunity to participate in the application process and to be considered for a job.

This Organization Participates in e-Verify

Pulte Homes of Minnesota is an equal employment opportunity/affirmative action employer.


Tags: Audits CISA Compliance CRISC Governance ISO 27001 NIST Privacy Risk management RMF SharePoint SOX Strategy

Perks/benefits: Career development Team events Travel

Region: North America
Country: United States
