FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Manager, Security Governance, Risk & Compliance
CommerceManager of Security GRC responsible for audit programs ensuring compliance at Commerce. Leading teams and engaging with stakeholders across business units and regulatory requirements.
Posted 7/4/2026full-timeLondon • Texas • 🇺🇸 United StatesMid-LevelSenior💰 $112,870 - $169,306 per yearWebsite
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in managing enterprise-level audit programs, including PCI DSS 4.0, SOC 2, ISO 27001, and SOX, while effectively translating compliance requirements into actionable business strategies. Proven ability to collaborate cross-functionally and influence stakeholders to maintain compliance and operational efficiency.
Highest-signal resume keywords
PCI DSS 4.0 ManagementISO 27001:2022 KnowledgeSOC 2 Trust Service CriteriaGRC Framework ApplicationAudit Program Ownership
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
Information SecurityIT AuditCompliance ManagementRisk AssessmentControl Gap RemediationEvidence StrategyAudit Findings TrackingNetwork SegmentationData Flow IsolationRegulatory Requirements
Soft Skills
Stakeholder ManagementCross-Functional CollaborationInfluencing SkillsCommunication SkillsRelationship Building
Tools & Technologies
Cloud Security ToolingBC Secure Controls FrameworkNIST StandardsAudit Management SoftwareCompliance Tracking Systems
Certifications & Qualifications
PCI ISACISACISSP
Industry Keywords
GRCAudit ProgramsService Provider AssessmentsBig 4 Advisory ExperienceMulti-Framework Audit Environments
Tech Stack
Tools & technologiesCloud
About the role
Key responsibilities & impact- Own the end-to-end lifecycle of Commerce's core audit programs — PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX — across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.
- Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit-ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.
- Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.
- Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point-in-time evidence collection and eliminating audit fatigue organization-wide.
- Own the tracking and closure of audit findings and control gaps across Commerce, Feedonomics, and Makeswift. Partner with control owners to deliver pragmatic, risk-informed remediation plans within defined timelines.
- Direct the ongoing maturity of Commerce's PCI DSS 4.0 program, including Targeted Risk Analyses (TRAs), customized approach applicability, and annual assessment planning.
- Partner with Cloud Engineering to validate and maintain PCI scope across Commerce's global footprint, ensuring effective network segmentation and data flow isolation.
- Manage and support ISA-designated personnel; ensure the ISA function operates with rigor and consistency aligned to PCI Council standards.
- Oversee Commerce's Secure Controls Framework (SCF), built from NIST, ISO 27001, and PCI DSS, ensuring controls are designed, tested, and documented to satisfy multiple regulatory obligations simultaneously across all business units.
- Provide GRC leadership on architectural reviews, product launches, and infrastructure changes across Commerce, Feedonomics, and Makeswift to ensure regulatory requirements are addressed upstream — not as an afterthought.
- Stay ahead of emerging requirements across PCI, SOC, and ISO 27001:2022, translating regulatory changes into actionable program updates.
Requirements
What you’ll need- 6–10 years in Information Security, IT Audit, or GRC, with demonstrated ownership of enterprise-level audit programs (PCI, SOC 2, ISO 27001, or SOX).
- Proven track record managing Level 1 Service Provider assessments and navigating complex, multi-framework audit environments spanning multiple business units or legal entities.
- Demonstrated ability to work cross-functionally with control owners and operational teams, holding stakeholders accountable to their compliance obligations while maintaining strong working relationships.
- Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.
- Ability to influence and manage cross-functional stakeholders at all levels — from engineers to executives — with clarity, diplomacy, and conviction.
- Skilled at translating compliance requirements into business-relevant language that drives enablement rather than friction.
- PCI ISA, CISA, CISSP, or equivalent audit/security certification strongly preferred.
- Prior experience at a Big 4 advisory or audit firm (Deloitte, PwC, EY, KPMG) in an IT audit, risk advisory, or security compliance capacity is a strong plus.
- Experience applying GRC frameworks in cloud-native environments and familiarity with modern cloud security tooling.
Benefits
Comp & perks- Inclusion and belonging initiatives
- Reasonable accommodations for individuals with disabilities