ABOUT THIS ROLE

LVT is actively seeking a highly motivated and detail-oriented Information Security Manager (GRC) to join our growing Information Security team. This role will report directly to the Information Security Director (GRC). This position is designed for an individual eager to delve deeply into the operational aspects of Governance, Risk, and Compliance, directly supporting LVT’s steadfast commitment to security excellence and regulatory adherence as the business continues its innovative scaling.

LVT values managing risk in alignment with our customer’s and stakeholder’s expected levels. We design, implement, and monitor controls that reduce real risk. The Information Security Manager (GRC) will play an instrumental role in driving key operational GRC initiatives. The primary focus of this hands-on position will be the end-to-end management of LVT’s SOC 2 audit processes, initiating third-party risk assessments, actively contributing to the policy review and approval lifecycle, and documenting and treating risks in our risk register.

Fostering collaborative relationships and good communication is critical as you will work closely with cross-functional teams across the organization to integrate GRC standards and principles into LVT’s operations. This role demands exceptional organizational skills, both strategic vision and tactical efforts, and the ability to build and mentor a team of security professionals to meet both current and future GRC challenges.

ROLE RESPONSIBILITIES

• Manage LVT’s annual SOC 2 audit and other audits as necessary.
• Collaborate with IT, Finance, and Legal to represent Information Security in various cross-functional processes including vendor risk, contractual terms , and customer security questions.
• Identify inefficiencies in different GRC processes and improve them.
• Design and manage regular internal audits of security controls.
• Implement automated control monitoring and evidence collection.
• Create, review, and maintain LVT’s security policies.
• Maintain LVT’s risk register to ensure accurate and timely recording of identified risks and their mitigation statuses.
• Build strong relationships with risk owners to drive program buy-in, accountability, and ownership.
• Work with SalesOps to develop an approach to customer security questionnaires.
• Mature our public-facing Security Trust Center to enhance transparency, showcase LVT’s commitment to security, and streamline the sales process.
• Identify and operationalize ways to automate tools and processes to improve LVT’s compliance program efficiency and collaboration across multiple teams.
• Establish and maintain measurable GRC program metrics to quantify effectiveness, highlight progress, and drive continuous improvement.

OUR IDEAL CANDIDATE

• 5+ years of experience with Information Security, GRC or IT Audit roles, demonstrating a growing understanding of GRC concepts and methodologies.
• Experience managing a GRC function and staff.
• Effective writing skills for tasks such as policy review and approval, developing risk treatment plans, and creating audit documentation and responses for external auditors.
• Strong organizational skills and attention to detail for managing documentation, audit evidence, and maintaining accurate GRC records.
• Proven track record of developing and implementing policies and procedures, assessing and prioritizing risks, and maturing security compliance programs.
• Substantial experience with regulatory frameworks and standards, such as NIST, SOC 2, ISO 27001, and FedRAMP.
• Experience communicating detailed security concepts, risks, and controls to both technical and non-technical stakeholders.
• Outstanding interpersonal and leadership skills that inspire collaboration and drive alignment across teams.
• Demonstrates an ability to lead effectively in dynamic, fast-paced environments, balancing strategic vision with tactical execution to respond to evolving security needs.
• Experience working with GRC platforms (e.g., Drata, Vanta, ZenGRC) and project management tools (e.g., Jira, Asana) is a plus.
• A Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or a related field, or equivalent practical experience, is preferred.
• Relevant professional certifications such as CISSP, CompTIA Security+, CISA, or CRISC are highly desirable.