Manager, IT and Cybersecurity Governance, Risk, and Compliance
CFA Institute.com
120k - 140k USD/year
Office
Charlottesville, United States
Full Time
CFA Institute is seeking a hands-on, highly organized Manager, IT & Cybersecurity Governance, Risk & Compliance (GRC) to help design, implement, and operate a world-class GRC program. In this cross-functional role, you’ll coordinate governance activities, run enterprise risk assessments, drive compliance initiatives, and translate complex requirements into practical controls that protect our members, employees, and data. You’ll report to the Senior Director, IT & Cybersecurity GRC and partner closely with Legal, IT, and Operations to align security with business goals.
Please note: CFA Institute does not provide work authorization or visa sponsorship (including student or temporary worker visas) for this position.
What You’ll Do
- Lead the development, rollout, and maintenance of cybersecurity policies, standards, and procedures.
- Own enterprise-wide IT and cybersecurity risk assessments; synthesize results and brief senior leadership.
- Manage remediation tracking, metrics, and dashboards to monitor risk reduction and program maturity.
- Oversee external audits and certification efforts (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA) from planning through remediation.
- Partner with Legal and business stakeholders to interpret regulatory obligations (e.g., GDPR, CCPA, HIPAA) and embed them in processes and controls.
- Coordinate third-party/vendor risk management, escalate material risks, and advise stakeholders on treatment options.
- Develop engaging content for cybersecurity awareness campaigns and training programs.
- Provide guidance and informal leadership to staff and contractors.
What You’ll Bring
Minimum Qualifications
- Bachelor’s degree in cybersecurity, information systems, or related field.
- 5–7+ years in cybersecurity GRC, IT audit, or compliance.
- Practical knowledge of NIST CSF, ISO 27001, and COBIT; familiarity with GDPR/CCPA/HIPAA.
- Demonstrated experience running external audits and maintaining compliance certifications.
- Clear, concise communicator able to brief leadership and collaborate across technical and non-technical teams.
- Strong project management, organization, analysis, and documentation skills; ability to manage multiple initiatives and deadlines.
- Proactive, team-oriented mindset with a commitment to continuous improvement.
Preferred Qualifications
- Advanced degree in cybersecurity, information assurance, or related discipline.
- Professional certifications such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor.
- Experience with GRC platforms (e.g., Archer, ServiceNow GRC), risk analytics/metrics design, and dashboarding.
- Background implementing controls in cloud environments (e.g., AWS, Azure) and coordinating privacy/security by design with product/engineering.
- Experience maturing vendor risk management and security awareness programs at scale.
Why Join Us?
- Impact at scale: Your work will directly shape our global security posture and safeguard a mission-driven organization serving a worldwide community.
- Cross-functional leadership exposure: Collaborate with senior leaders across Legal, Technology, and Operations, translating strategy into executable controls.
- Growth & learning: Bring your curiosity and growth mindset—we encourage experimentation, continuous learning, and professional development.
- Values-driven culture: We prize authenticity, courage, accountability, agility, and a global perspective in everything we do.
At CFA Institute, we are committed to transparency and equity in our hiring process. In compliance with wage transparency laws in many of the jurisdictions in which we recruit, we provide the following information regarding compensation for this position:
Expected salary range: $120,000 - $140,000
Other benefits include eligibility for annual incentives, 12% retirement employer contribution, and competitive medical benefits.
All salary ranges are subject to adjustment based on experience, education, and other factors relevant to the position. CFA Institute is an equal opportunity employer and encourages applications from all qualified individuals.
About CFA Institute
CFA Institute is the global leader in investment excellence and ethics. With nearly 200,000 charterholders across 160 markets, we drive professional growth, ethical behavior, and better markets. We care about our employees’ well-being, offering industry-leading benefits like:
- Comprehensive health coverage for you and your family
- Generous leave and time off
- Competitive retirement plans
- Flexible work options
- Wellness, education, and support programs
If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.
Be part of a team committed to putting investors first and growing economies. Follow us @CFAInstitute on LinkedIn and X.
Important Message: Your application must clearly demonstrate how you meet the requirements as CFA Institute cannot make assumptions about your education, experience, or location. We thank all those who apply. Only those selected for further consideration will be contacted.
We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities/qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.
If, due to a disability or current medical condition, you need an accommodation or assistance to complete a job application, you can request one at any stage of the recruitment process. Please send an email to humanresources@cfainstitute.org noting the accommodations or assistance you are requesting. Please do not include any medical or health information in this email. We will review your request and contact you to discuss the possible options and arrangements. We will try our best to provide you with an accommodation or assistance that meets your needs and respects your preferences.
September 19, 2025