Manager, Security Governance Risk & Compliance (GRC)
About Patelco Credit Union:
Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.
We are here for our members throughout all their stages of life, meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.
We believe that work should be rewarding, challenging, and enjoyable. We’re dedicated to creating a positive and supportive culture where our team members can thrive. If you’re looking to use your skills and knowledge to make a difference in our members’ lives, Patelco could be the perfect fit for you.
Overview:
The Manager, Security Governance, Risk & Compliance (GRC) is a key leader within the Information Security organization responsible for driving governance, oversight and assurance activities that strengthen Patelco’s overall security posture. Operating within the second line of defense, this role provides independent challenge, transparency, and strategic guidance to ensure risk is effectively managed and security practices align with regulatory expectations and industry standards.
This leader will oversee the Security GRC team, advancing capabilities in policy governance, IT/IS and third-party risk assessments, program testing and security awareness. The GRC Manager will partner closely with first line of defense (1LOD) and second line of defense (2LOD) teams to align risk management practices, enhance program maturity and deliver meaningful reporting to executive leadership and the Board.
Responsibilities:
Provide direction, coaching and development for the Security GRC team to ensure effective execution of security governance, risk and compliance activities.
Maintain and evolve security policies, standards, and procedures to align with industry best practices, regulatory requirements, and business needs.
Coordinate security program testing, control validations, and independent assessments to validate program effectiveness and compliance with frameworks such as NIST CSF and PCI-DSS.
Oversee IT/IS risk assessments, business unit security reviews, and third-party/vendor risk assessments, ensuring timely identification, tracking and remediation of risks.
Drive continuous improvement of security GRC processes, tools and methodologies to enhance the maturity of the information security program.
Partner with business units to strengthen security awareness and training programs, fostering a culture of shared responsibility for information security.
Develop, track, and report meaningful security metrics and key risk indicators (KRIs) for Executive Leadership and Board of Directors.
Prepare clear, actionable reports and risk summaries that inform leadership of trends, vulnerabilities, and areas needing improvement.
Collaborate with Security Architecture, ERM, Compliance, Vendor Management, Internal Audit and Technology teams to ensure alignment of security practices across the enterprise.
Work with first-line teams to track and verify remediation of issues identified during testing, ensuring timely and effective resolution.
Serve as a primary contact for security-related regulatory exams, internal audits, and external assessments.
Provide guidance to senior leadership on emerging risks, industry trends, and regulatory expectations to influence security strategy and business decisions.
Perform other functions as assigned by Security Leadership.
Qualifications:
Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field.
10+ years of experience in Information Security, operating within a second line of defense function.
3+ years of direct people management experience, including managing performance, coaching, and developing teams.
10+ years working with security and risk frameworks such as NIST, ISO, CIS Controls, etc.
7+ years of hands-on experience in control testing methodologies, risk assessments, and/or security audits.
Professional certifications such as CISSP, CISM, CRISC, or CISA are required.
Strong knowledge of security frameworks (NIST CSF, ISO 27001, Zero Trust, etc.).
Proven ability to influence senior stakeholders and partner with engineering and technology teams.
Financial services or highly regulated industry experience is a plus.
Excellent communication and leadership skills.
Target Base Pay:
$165,255 per year
Compensation at Patelco:
Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.
We Offer:
Physical Health:
Exceptional Medical, Dental, Vision, and Life Insurance benefits
Onsite fitness center at HQ and rewards for completing wellness related activities
Financial Health:
Competitive compensation packages with bonus opportunity
401(k) with 3% Safe Harbor and 5% employer match
Discounts on loan products
Tuition reimbursement
Emotional Health:
Employee Assistance Program (EAP)
PTO for part-time and full-time positions
Paid holidays
Personal Development:
On-the-job training and skills development
Internal transfer opportunities for career growth
Volunteer work
Flexible work arrangements available for specific positions
Patelco Credit Union is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.
Offer ID: #1267719,
Published: 2 hours ago,
Company registered: 1 month ago