Governance, Risk, and Compliance (GRC) Manager

Company:  Flexera
Location: Glasgow
Closing Date: 02/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Flexera helps organizations understand and maximize the value of their technology, saving billions of dollars in wasted spend. Powered by the Flexera Technology Intelligence Platform, our award-winning hybrid IT asset management and FinOps solutions provide comprehensive visibility and actionable insights on an organization’s entire IT ecosystem. This intelligence enables IT, finance, procurement and cloud teams to address skyrocketing costs, optimize spend, mitigate risk, and identify opportunities to create positive business outcomes. More than 50,000 global organizations rely on Flexera and its Technopedia reference library, the largest repository of technology asset data.

Governance, Risk, and Compliance (GRC) Manager - UK, remote

We are looking for a highly experienced and knowledgeable Governance, Risk, and Compliance (GRC) Manager to join our Information Security team. The chosen individual will oversee our SOC 2 Type II and ISO 27001 certifications and evaluate additional frameworks such as FedRAMP, Cyber Essentials, GDPR, and CSA STAR Level 1. This role will also involve addressing customer assessment questionnaires and audits, both pre- and post-sales.

Key Responsibilities
  • Manage and sustain the company's multiple security certifications.
  • Evaluate and implement additional compliance frameworks, standards, or best practices such as FedRAMP and the NIST Software Supply Chain Security Guidance.
  • Continuously manage the ISO 27001 Information Security Management System to ensure compliance and annual recertification eligibility.
  • Conduct risk assessments, maintain the risk register, report on risk, and work with various internal teams to mitigate risks across the organization.
  • Proactively identify areas for improvement within the security program and lead efforts to address and remediate these areas.
  • Develop and manage the company’s vendor risk management program.
  • Ensure adherence to contractual, regulatory, and industry standards.
  • Ensure organizational readiness for external audits.
  • Manage pre- and post-sales customer assessment questionnaires and customer audits.
  • Develop, implement, and maintain comprehensive information security documentation, including policies, procedures, standards, guidelines, and diagrams.
  • Recommend and implement policy and procedure changes in response to evolving security landscapes.
  • Collaborate with various teams to integrate compliance and risk management processes into daily operations.
  • Understand the role of systems and technology within the firm and their value to the business.
  • Promote a culture of information security across all business units.
  • Provide training and awareness programs on GRC-related topics for employees.
  • Work with IT and business units to implement effective cybersecurity measures and integrate security practices into business processes.
  • Assist with data governance activities, produce data flow diagrams, and guide information rights management/protection.
  • Market the security program externally, putting together collateral that speaks to the robustness of the program.

Requirements:
  • Bachelor’s degree in Information Security, Computer Science, or a related field; a Master's degree is a plus.
  • A minimum of 5 years of experience in a similar role within a software development and SaaS environment.
  • Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified ISO 27001 Lead Auditor are highly advantageous.
  • In-depth knowledge of SOC 2 Type II, ISO 27001, FedRAMP, Cyber Essentials, GDPR, CSA STAR Level 1 frameworks, and PCI DSS.
  • Strong understanding of governance, risk, and compliance principles.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication and interpersonal skills with the ability to interact with all levels of the organization.
  • Ability to manage multiple projects and meet deadlines in a fast-paced environment.
  • High attention to detail and organizational skills.
  • Demonstrable experience in GRC and comfort working across the breadth and depth of a large multi-cloud security compliance program.
  • Ability to prioritize and track multiple projects in parallel.
  • Experience in security-related analysis, creating metrics and dashboards, and summarizing large data sets.
  • Prior experience with a GRC tool implementation (e.g., Hyperproof).
  • Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.
  • Ability to think strategically about risks and tie those risks to tactical organizational activities.
  • A passion for developing talent and fostering a collaborative team environment.