
Senior Cybersecurity Governance, Risk and Compliance (GRC) Manager

Is it surprising to hear that a financial institution of 1.5 million members and over $30 billion in managed assets says that success comes from focusing on people, not profits?

Our “people helping people” philosophy has guided us since 1935, driving our deep commitment to serving our members, communities, and each other. When you join our team, you become part of a purpose-driven organization where your work makes a real difference.

While we’re proud of our history, we’re even more excited about our future. With business and technology transformation on the horizon, there’s never been a better time to be part of BECU.

PAY RANGE

The Target Pay Range for this position is $152,300.00-$186,100.00 annually. The full Pay Range is $118,200.00 - $220,200.00 annually. At BECU, compensation decisions are determined using factors such as relevant job-related skills, experience, and education or training. Should an offer for employment be made, we will consider individual qualifications. In addition to your salary, compensation incentives are available for the hired applicant. Incentives are performance based and targets vary by role.

BENEFITS

Employees and their eligible family members have access to a wide array of employee benefits, such as medical, dental, vision and life insurance coverage.  Employees have access to disability and AD&D insurance.  We also offer health care and dependent care flexible spending accounts, as well as health savings accounts, to eligible employees.  Employees are able to enroll in our company’s 401k plan and employer-funded retirement plan.  Newly hired employees accrue 6.16 hours of paid time off (PTO) on a per pay period basis based on hours worked (up to a maximum of 160 PTO hours per year) and receive ten paid holidays throughout the calendar year. Additional details regarding BECU Benefits can be found here.

IMPACT YOU’LL MAKE: 

As the Senior Cybersecurity GRC Manager at BECU, you’ll be at the forefront of protecting our members and organization by shaping how we manage cyber risk across the enterprise. You’ll lead efforts to ensure cybersecurity risks are visible, well-understood, and actively integrated into broader enterprise risk strategies. Your work will directly influence how we govern, measure, and improve our cybersecurity posture, helping BECU stay resilient in a rapidly evolving digital landscape. This role will be heavily focused on building out and operationalizing our PCI-DSS compliance program across BECU payment channels.  

This is your opportunity to make a meaningful impact—by driving awareness, building strong governance frameworks, and empowering teams to manage risk confidently. You’ll be a trusted advisor, a strategic thinker, and a hands-on leader who helps BECU stay secure, compliant, and future-ready. 

To join our dynamic team, we require candidates to be residents of WA, OR, ID, AZ, TX, GA, or SC. If you’re located in Washington state and within a reasonable driving distance from Tukwila, we are requesting that you come into our HQ on Tuesdays & Wednesdays.  For those candidates that live outside the commute distance of TFC and in any of our approved remote work locations, this role will be remote. Remote or onsite, we are committed to ensuring you are fully engaged and included in our collaborative environment. 

WHAT YOU’LL DO: 

  • Lead Cybersecurity GRC Strategy: Drive the development and continuous improvement of BECU’s Cybersecurity Governance, Risk, and Compliance program in partnership with leadership.  

  • Interpret Regulatory Requirements: Collaborate with legal and compliance teams to translate cybersecurity-related laws and regulations into actionable policies and controls. 

  • Provide Risk Oversight: Offer expert guidance and credible challenges to ensure cyber risks are identified, owned, and actively managed across the organization. 

  • Design Risk Controls & Dashboards: Develop system and business controls, dashboards, and visibility tools to track risk ownership and status. 

  • Support Cyber Risk Register: Contribute to the ongoing development and maintenance of the Cyber Risk Register, ensuring risks are documented and prioritized. 

  • Monitor Compliance & Escalate Issues: Analyze security data and processes to identify potential compliance gaps, escalating issues when necessary. 

  • Manage Enterprise Risk Operations: Oversee cybersecurity-related risk artifacts such as findings, exceptions, standards, and guidelines to support reporting and treatment activities. 

  • Drive Security Awareness: Partner with HR and Communications to develop engaging security awareness content and track program effectiveness through metrics. 

  • Develop Risk Metrics & Reporting: Create and maintain key performance indicators (KPIs) and risk metrics to communicate cybersecurity performance and risk posture. 

  • Advise on Governance Processes: Support internal stakeholders in applying cybersecurity governance processes, including standards, guidelines, and committee expectations. 

  • Adapt Policies to Evolving Threats: Continuously update cybersecurity policies and standards to reflect changes in technology, threats, and organizational needs. 

  • Collaborate Across Teams: Work closely with business units, IT, and third-party vendors to ensure cybersecurity governance is embedded in daily operations. 

This isn’t just about ticking off tasks on a list. It's about making a significant, positive change in BECU’s journey, where your contributions are valued, and your growth is continually fostered. 

WHAT YOU’LL GAIN: 

BECU is looking for a cybersecurity leader who thrives in a dynamic, collaborative environment. If the following resonates with you, this could be your next big move: 

  • A chance to shape enterprise-wide cybersecurity governance and risk strategy, with a heavy focus on PCI-DSS program development.

  • Opportunities to work with legal, compliance, and regulatory bodies on high-impact initiatives.

  • A culture that values innovation, integrity, and continuous learning. 

  • The ability to influence how cybersecurity risk is measured, reported, and managed. 

  • A supportive environment where your expertise is respected, and your growth is encouraged. 

  • Exposure to GRC frameworks like NIST CSF, FFIEC, GLBA, PCI/DSS, and SOX. 

  • A role that blends strategic thinking with hands-on leadership and cross-functional collaboration. 

QUALIFICATIONS: 

Minimum Qualifications 

  • Typically requires a bachelor’s degree in Information Security, Computer Science or related field, or equivalent work or education-related experience.

  • Typically requires 7 years of cybersecurity experience or related experience in IT, Compliance, or Audit, including hands-on management of PCI DSS compliance and CDE.

  • One or more of the following certifications, or equivalent certifications, preferred: CISSP, CCSP, CISM, GIAC, CISA, CRISC, or PCI-related certifications, including PCIP, ISA, or QSA. 

  • Expertise leveraging established GRC frameworks, such as Federal Financial Institutions Examination Council (FFIEC) guidance, Gramm-Leach-Bliley Act (GLBA) controls, Payment Card Industry Data Security Standard (PCI/DSS) controls, Sarbanes-Oxley (SOX), NIST CSF and other relevant laws and regulations, especially in the use of frameworks to increase cybersecurity maturity capabilities and their application in an enterprise environment, required.

  • Demonstrated ability to collaborate with and influence stakeholders and to partner with organizational leadership and management, including vendors and third parties, required.

  • Working knowledge of governance, risk, and compliance (GRC) tools and automation of risk evaluation, integration with enterprise risk functions, and reporting required.  

Desired qualifications

  • Advanced degree preferred. 

  • Knowledge of information and security systems to identify risk exposure, including third party-related cyber risk.  

  • Experience working independently, and as a team member, while using discretion in decision making and sound judgment in problem solving.  

  • Experience setting goals and objectives pertaining to training needs and lesson plans, effectively presenting programs, and providing training materials to individuals and groups.

  • Working knowledge of the role of firewalls, vulnerability management, penetration testing, server and desktop configuration and controls, and encryption.  

  • Demonstrated ability to share knowledge and assist others in understanding technical and business topics.  

JOIN THE JOURNEY:

Ready to make an indelible impact? Eager to be a part of a collaborative and innovative team where your ideas and contributions don’t just fill a role, but fuel the growth and success of BECU? This is more than a job – it’s a chance to elevate your career, skills, and future, all while contributing to the robust technological landscape of BECU. 

Embrace the opportunity to grow with us. Apply now, bring your expertise to the table, and let’s achieve excellence together at BECU. Your journey of influence, innovation, and impactful contribution starts now. 

#BECU #YourGrowth #BECUJourney 

EEO Statement:


BECU is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status.

Average salary estimate: $169,200 / yearly (est.), min $118,200, max $220,200

We are a member-owned, not-for-profit financial institution committed to providing affordable and responsible financial services to our members.

Employment type: Full-time, remote
Date posted: October 3, 2025