Senior Manager, Governance, Risk & Compliance

Description

The Senior Manager, GRC (Governance, Risk, and Compliance) will lead the strategy, implementation, and effective management of Bloom Energy’s GRC framework. The role focuses on aligning security policies and procedures with business goals, managing enterprise‑level cyber security risks in a central risk register, and ensuring compliance with laws and standards such as ISO 27001, CIS, GDPR, and PCI‑DSS.

Key responsibilities include developing and maintaining security policies, procedures, frameworks, and standards; driving an enterprise‑wide security training program; overseeing cyber security risk assessments, vulnerability mitigation, and third‑party risk; and maintaining the central risk register in collaboration with the enterprise risk management function. The manager also supports sales by completing security questionnaires, ensures adherence to internal policies and external regulations, and serves as the primary liaison with external auditors.

Leadership duties involve mentoring the GRC team, fostering a culture of compliance, and driving strategic GRC initiatives while collaborating with IT, legal, engineering, and business leaders to provide executive reporting and stakeholder management. Reporting responsibilities include establishing metrics to track policy and compliance adherence and delivering regular risk insights to senior management.

• Develop and maintain security policies, procedures, frameworks, and standards aligned with business objectives.
• Drive an enterprise‑wide security training program.
• Oversee cyber security risk assessments, identify vulnerabilities, implement mitigation strategies, and maintain a central risk register.
• Manage third‑party risk and collaborate with the enterprise risk management function.
• Support sales by completing security questionnaires promptly.
• Ensure compliance with internal policies and external regulations such as ISO 27001, CIS, NIST CSF, GDPR, CCPA, NERC‑CIP, and SOX.
• Act as primary liaison with external auditors for security compliance.
• Lead, mentor, and grow the GRC team while fostering a compliance culture.
• Collaborate with IT, legal, engineering, and business leaders; provide executive reporting on risk and compliance status.
• Establish metrics to track policy adherence and deliver regular risk insights to senior management.
• Identify and implement efficiency improvement initiatives and maintain high standards of quality.
• Work flexible hours with global teams and pursue relevant compliance certifications.

Requirements

The ideal candidate has a strong background in IT security, risk management, and compliance, with expertise in frameworks such as ISO 27001, NIST CSF, and CIS, and experience in security and vulnerability management, change management, and automated evidence collection. Excellent leadership, communication, strategic thinking, and stakeholder management skills are required, along with experience using GRC tools and the ability to drive efficiency improvements.

A bachelor’s degree is preferred, together with 12+ years of relevant industry experience, including at least 7 years in compliance roles, and familiarity with standards such as ISO 27001, GDPR, CIS, and NIST CSF. Candidates should be willing to obtain relevant compliance certifications and work flexible hours with a global team.

• Possess strong expertise in IT security, risk management, and compliance, including experience with GRC tools and automated evidence collection.
• Demonstrate excellent leadership, communication, stakeholder management, strategic thinking, and problem‑solving abilities.
• Bachelor’s degree preferred; 12+ years industry experience with 7+ years in compliance; familiarity with ISO 27001, GDPR, CIS, and NIST CSF.

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance