Manager of Governance, Risk, and Compliance (GRC)

Job Description:

The Manager of Governance, Risk, and Compliance (GRC) will lead governance, risk, and compliance initiatives across the insurance software business unit, ensuring alignment with corporate cybersecurity standards, regulatory frameworks, and customer contractual obligations. This role bridges enterprise cybersecurity policy and SaaS-specific operations, overseeing risk management, control assurance, and audit readiness activities. The ideal candidate will have strong experience in commercial cloud security, risk assessment, and compliance (i.e., SOC 1 & 2, NIST, GDPR, ISO 27001 etc.), and will collaborate with product, engineering, and operations teams to embed security governance and compliance into the software development and service delivery lifecycle.

Required Qualifications and Experience:

Education:

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.

Experience:

• 7+ years of progressive experience in cybersecurity and information technology, with a minimum of 3 years focused on GRC functions
• Experience managing risk and compliance for commercial cloud-hosted environments (AWS, Azure, Google)
• Hands-on experience with compliance frameworks such as: SSAE 18 (SOC 1 & 2), ISO 27001/27701, NIST 800-53, NIST CSF, CIS
• Familiar with GDPR, CCPA and/or other data protection regulations
• Proven ability to manage audits, compliance assessments, and evidence collection in a fast-paced environment
• Strong understanding of DevSecOps, CI/CD pipelines, and shared responsibility models for software application security
• Demonstrated experience with risk management tools (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate, etc.)
• Excellent communication and stakeholder management skills across technical and executive audiences

Preferred:

• CISM, CISA, CISSP, GSLC, or equivalent
• Master’s degree or equivalent work experience.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

If you are an applicant from the United States, Guam, or Puerto Rico

DXC Technology Company (DXC) is an Equal Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, pregnancy, veteran status, genetic information, citizenship status, or any other basis prohibited by law. View postings below .

We participate in E-Verify. In addition to the posters already identified, DXC provides access to prospective employees for the Federal Minimum Wage Poster, Federal Polygraph Protection Act Poster as well as any state or locality specific applicant posters. To access the postings in the link below, select your state to view all applicable federal, state and locality postings. Postings are available in English, and in Spanish, where required. View postings below.

Postings Link

Disability Accommodations

If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, you may request a reasonable accommodation by contacting us via email.

Please note: DXC will respond only to requests for accommodations due to a disability.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.