Program Manager, Security Governance & Risk Reporting
At Compass, our mission is to help everyone find their place in the world. Founded in 2012, we’re revolutionizing the real estate industry with our end-to-end platform that empowers residential real estate agents to deliver exceptional service to seller and buyer clients.
The Information Security Manager – Metrics, Reporting & Risk Coordination role enables informed decision-making across the enterprise by delivering clear, trusted security insights and ensuring strong execution discipline across the Information Security program.
This role owns the operational execution of security metrics, reporting, risk acceptance/exception coordination, and security-related project tracking. It partners closely with technical teams, risk owners, and business stakeholders to translate security data into meaningful narratives—up to and including board-level reporting—while ensuring risks, metrics, and remediation efforts are consistently tracked and communicated.
The role is both strategic and hands-on, with responsibility for day-to-day execution as well as mentoring and oversight of up to one direct report.
Key Responsibilities
Security Metrics & Executive Reporting
- Own and evolve an established Information Security metrics and KPI framework aligned to enterprise risk and governance objectives.
- Produce accurate, timely dashboards and reports for senior leadership and board-level visibility.
- Translate complex security and risk data into clear, business-relevant insights and trends.
- Ensure consistency, data quality, and integrity across all security reporting artifacts.
- Identify opportunities to enhance metrics maturity, visualization, and storytelling.
Risk Acceptance Coordination
- Coordinate the Information Security risk acceptance process from intake through closure.
- Ensure risks are clearly documented, tracked, reviewed, and communicated to the appropriate governance forums.
- Partner with risk owners, security teams, and stakeholders to gather required inputs, evidence, and compensating controls.
- Maintain accurate records of accepted risk, review dates, and remediation dependencies.
- Act as a facilitator and advisor—not the risk decision-maker—to enable transparent, well-informed governance.
Security Project & Initiative Coordination
- Coordinate delivery of Information Security initiatives across internal teams and external partners.
- Track milestones, dependencies, and status for remediation efforts, metrics collection, and risk closure activities.
- Proactively surface risks, delays, and blockers, and work with stakeholders to drive resolution.
- Standardize lightweight project tracking and reporting practices within the security organization.
- Support portfolio-level visibility into security initiatives tied to risk reduction and strategic objectives.
Communication & Stakeholder Engagement
- Serve as a trusted communication bridge between Information Security, Technology, Risk, Compliance, and business teams.
- Prepare concise executive-ready materials including briefings, decks, and written summaries.
- Support consistent messaging on security posture, risk trends, and program progress.
- Enable alignment and shared understanding across technical and non-technical audiences.
People Leadership
- Provide guidance, prioritization, and mentoring for up to one direct report.
- Balance people leadership responsibilities with hands-on delivery and ownership of key outputs.
Required Qualifications
- Bachelor’s degree in Information Security, Information Technology, Risk Management, Business, or a related field, or equivalent experience.
- 5+ years of experience in Information Security, Security Governance/Risk, or related roles.
- Proven experience delivering security metrics, dashboards, and executive or board-level reporting.
- Strong understanding of information security risk concepts, controls, and governance processes.
- Experience coordinating cross-functional initiatives in a complex enterprise environment.
- Exceptional written and verbal communication skills with the ability to influence without authority.
Preferred Qualifications
- Experience operating in a regulated or large-scale enterprise environment.
- Familiarity with security and risk frameworks (e.g., NIST, ISO 27001, CIS Controls).
- Hands-on experience with tools such as Jira, ServiceNow, GRC platforms, and reporting/visualization tools (e.g., Power BI).
- Relevant certifications (CISM, CISSP, CRISC, PMP) are a plus.
Success Factors
- Strong analytical mindset with attention to detail and data integrity.
- Ability to balance tactical execution with strategic perspective.
- Comfortable engaging with senior leadership and board-adjacent audiences.
- Highly organized, proactive, and outcome-focused.
- Collaborative and service-oriented approach to risk and governance.
Compensation: The salary range for this position is $115,830.00-$128,700.00; however, the base pay offered may vary depending on job-related knowledge, skills, and experience. Bonuses and restricted stock units may be provided as part of the compensation package, in addition to a full range of benefits. Base pay is based on market location. Minimum wage for the position will always be met.
Perks that You Need to Know About:
Participation in our incentive programs (which may include eligible cash, equity, or commissions). Plus paid vacation, holidays, sick time, parental leave, and recharge leave; medical, tele-health, dental and vision benefits; 401(k) plan; flexible spending accounts (FSAs); commuter program; life and disability insurance; Maven (a support system for new parents); Carrot (fertility benefits); UrbanSitter (caregiver referral network); Employee Assistance Program; and pet insurance.
Office