Senior Manager GRC

What’s Unique About You Is What Makes Us Better! Diversity is our strength and competitive advantage. Bring your flavor to the Papa John's team today!

Position Overview

Papa Johns is seeking a Senior Manager, Governance, Risk & Compliance to establish and operate the cybersecurity governance and risk control plane across the enterprise. This role is responsible for enabling risk-informed decision making, clear accountability, and consistent control governance across business, IT, cloud, and third-party environments. The ideal candidate will bring strong judgment, the ability to operate across organizational boundaries, and experience building and scaling GRC capabilities in complex environments.

Responsibilities

The primary responsibilities of this role include:

• Establishing and operating the enterprise cybersecurity risk management program, including risk identification, prioritization, and tracking
• Defining and enforcing risk acceptance, escalation, and accountability frameworks
• Developing executive and board-level risk reporting aligned to business impact
• Defining and governing cybersecurity policies, standards, and control frameworks aligned to industry standard frameworks
• Ensuring consistent control implementation and enforcement across IT, cloud, and business environments
• Leading exception management processes to ensure risk is explicitly understood and accepted at the right levels
• Establishing and leading the third-party risk management program, including vendor tiering and assessments
• Coordinating regulatory and audit engagements (internal and external)
• Partnering across Security, IT, Legal, Compliance, and Procurement (among others as relevant) to align risk and control expectations
• Establishing and governing the cybersecurity awareness and training program, ensuring it is aligned to enterprise risk and tailored user roles
• Overseeing control validation, testing, and assurance activities
• Ensuring governance of vulnerability management, logging, and detection capabilities
• Driving continuous improvement through risk insights, incident learnings, and control effectiveness reviews
• Managing and optimizing budget and resources to support governance, risk, and compliance capabilities

Qualifications

The successful candidate will possess the following:

• 6–10+ years of experience in cybersecurity risk management
• Proven leadership experience in building, scaling, and maturing teams and operating models
• Strong understanding of cybersecurity control frameworks
• Demonstrated ability to translate technical risk into business impact and action
• Experience building or maturing GRC programs in complex organizations
• Strong judgment in prioritization, tradeoff decisions, and stakeholder alignment
• Experience supporting or leading SOX ITGC and/or application control environments in a complex organization
• Experience establishing or evolving security awareness and behavior change programs
• Excellent communication skills and ability to influence across technical and business stakeholders
• Experience working with third-party risk, audit, and compliance functions

​

Day in the Life

This role is less about managing a checklist and more about orchestrating how the organization understands and acts on risk.

A typical day may include:

• Reviewing the enterprise risk register, identifying where risks are aging, stuck, or no longer aligned to business priorities
• Coaching and developing team members and leaders, ensuring clarity in priorities, accountability, and execution
• Meeting with Security and IT leaders to challenge and refine risk prioritization, ensuring the highest-impact issues are being addressed first
• Partnering with a business or product team to translate a technical control gap into business impact, helping them understand tradeoffs and required actions
• Working through a risk acceptance decision, ensuring the right level of leadership is engaged and the decision is documented and understood
• Aligning with Procurement and Legal on a high-risk third-party engagement, ensuring appropriate controls and risk mitigation strategies are in place
• Coordinating with vulnerability management, detection, or testing teams to ensure findings are being tracked, prioritized, and driven to resolution
• Preparing or refining executive-level reporting, focusing on what has improved, what remains at risk, and where decisions are needed
• Resolving cross-team friction where ownership, accountability, or priorities are unclear, bringing structure and clarity to move work forward

Work Environment

This is a leadership role operating across a complex, cross-functional environment. Success requires the ability to influence without authority, bring clarity to ambiguity, and align diverse stakeholders toward common risk outcomes.

Our Values

• EVERYONE BELONGS – We believe connectedness and belonging are the essential ingredients to our success.
• DO THE RIGHT THING –We are relentlessly focused on quality and integrity and make the right choices, even when it's difficult.
• PEOPLE FIRST – To craft positive experiences for our customers, we take care of each other first.
• INNOVATE TO WIN – We champion and challenge for a better way in all we do.
• HAVE FUN – We find joy, create meaningful impact and celebrate the journey together

Our Core Competencies

• EVERYONE BELONGS – We believe connectedness and belonging are the essential ingredients to our success.
• DO THE RIGHT THING –We are relentlessly focused on quality and integrity and make the right choices, even when it's difficult.
• PEOPLE FIRST – To craft positive experiences for our customers, we take care of each other first.
• INNOVATE TO WIN – We champion and challenge for a better way in all we do.
• HAVE FUN – We find joy, create meaningful impact and celebrate the journey together

Papa Johns is an equal opportunity employer.

Papa Johns is a federal contractor that participates in the E-Verify program to confirm employment eligibility for each new team member. We also comply with all Right to Work requirements. Official E-Verify and Right to Work notices are available for applicants to review in both English and Spanish.

Everybody loves pizza, which means they also love the people who are behind the scenes working to deliver it. This is complex and challenging work – but let’s face it – it’s also pizza! If you want a fulfilling career with a company that’s always moving forward, we’re the right place.

Papa John's is a Federal Contract employer who participates in E-Verify to confirm employment eligibility for each new team member. For more information please view the following PDFs: E-Verify Poster (English) - Right to Work Poster (English) - E-Verify Poster (Spanish) - Right to Work Poster (Spanish) Papa John's is an Affirmative Action and Equal Opportunity Employer. For more information please click on the following PDF. See terms & conditions for site use.