Sr. Manager, IT Security - GRC
Swire Coca Cola USA, Draper, UT, United States
Who is Swire Coca-Cola? We are a family-owned bottling company with a story spanning over two centuries. We are one of the largest bottlers of Coca-Cola in North America and distribute more than 50 beverage brands and flavors creating joy for our customers every day. Our 8,000+ driven employees work hard as part of a team that delivers refreshment to over 30 million consumers across 13 states. Begin a journey with us at Swire Coca-Cola and belong to a community of dedicated team members who think big and believe in winning together.
Why you'll love working at Swire Coca-Cola:
Swire Coca-Cola is committed to providing balance to support you in all aspects of your life, both at work and beyond. We offer the benefits you need for physical, financial, and emotional well-being.
Health coverage (3 medical options, dental and vision). 401(k) Retirement Plan w/company match
Health Savings Accounts w/company match
FREE virtual primary care, acute care and physical therapy
FREE Employee Assistance Program
Company paid (vacation, holidays, sick time, bereavement, jury duty, maternity/parental, disability leave and volunteer time)
Discounted & free product
Tuition reimbursement
Opportunities for career advancement
In addition to health benefits, Swire Coca-Cola is proud to offer you opportunities where you help give back directly to the communities and causes you care about. Note: Enrollment in a Swire Medical Plan is required for some benefits.
Job Details:
Job Level: 7
What does the Sr. Manager, Governance, Risk & Compliance (GRC) - Cybersecurity do at Swire Coca-Cola?
Swire Coca-Cola is seeking a Sr. Manager, IT Security - GRC to lead and mature our cybersecurity governance, risk management, and compliance programs. This role is responsible for ensuring cybersecurity risks are identified, managed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements. The GRC Manager partners closely with IT Infrastructure, Security Operations, Legal, Internal Audit, and business leaders to enable secure and compliant operations across the enterprise.
This role requires a strong balance of cybersecurity expertise, risk management discipline, and business acumen, with the ability to translate technical security risks into clear business impact for executive and senior leadership audiences.
Responsibilities:
Governance & Program Management:
Lead and mature the enterprise cybersecurity governance, risk, and compliance (GRC) program, including policies, standards, procedures, and metrics
Maintain and align cybersecurity frameworks with industry standards such as NIST CSF, ISO 27001, CIS, and SOC 2
Mature and oversee security risk tolerance, exception management, and control ownership processes
Ensure cybersecurity governance aligns with enterprise risk management (ERM) objectives
Risk Management:
Lead cybersecurity risk assessments, control gap analyses, and third-party risk assessments
Maintain the enterprise cyber risk register, including risk scoring, treatment plans, and remediation tracking
Partner with technical and business teams to ensure risks are mitigated, transferred, or formally accepted
Translate technical threats and vulnerabilities into clear, business-focused risk statements
Compliance & Assurance:
Manage cybersecurity compliance initiatives for regulatory, industry, and contractual obligations (e.g., SOC 2, ISO, SOX, HIPAA, PCI, privacy frameworks)
Act as primary liaison for internal and external audits, coordinating evidence collection and remediation activities
Support customer security assessments, due diligence requests, and RFP responses
Monitor regulatory changes and assess organizational impact
Metrics, Reporting & Communication:
Develop and maintain cybersecurity risk and compliance metrics for leadership
Create dashboards and reports that clearly communicate risk posture, trends, and remediation status
Present risk assessments, recommendations, and program updates to senior leadership
Leadership & Collaboration:
Lead, mentor, and develop GRC engineers, analysts or contributors
Collaborate with Security Operations, Engineering, Legal, Internal Audit, and Procurement teams
Promote risk-aware decision-making and a culture of security accountability
Requirements
Bachelor's Degree in Information Security, Information Technology, Risk Management, or a related field
7+ years of experience in cybersecurity, risk management, compliance, or audit roles
3+ years of experience in a GRC leadership or senior individual contributor role
Strong working knowledge of NIST CSF, ISO 27001, SOC 2, and cybersecurity risk assessment methodologies
Experience managing audits, compliance programs, and enterprise risk registers end-to-end
Excellent written and verbal communication skills, with the ability to influence senior leaders
Proven ability to balance security requirements with business objectives
Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or OneTrust preferred
Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer preferred
#LI-HH1
Come and join our Sparkling team!
Due to the nature of our work and to help maintain a safe workplace for our employees and customers, after a candidate receives a conditional offer of employment, they will be required to complete pre-employment screening. This includes a criminal background check, drug screening, and for certain roles, a motor vehicle record review.
Screening results are evaluated based on several factors, including the nature and severity of an offense, how much time has passed, the relevance to the position, patterns of repeated offenses, and driving history for roles that require operating a vehicle.
All results are reviewed fairly and in accordance with applicable state and federal laws, including the Fair Credit Reporting Act.
Swire Coca-Cola is an equal employment opportunity and affirmative action employer that participates in the E-Verify program as required by law. All qualified applicants will receive consideration for employment without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status or other legally protected characteristics. Swire Coca-Cola does not sponsor applicants for work visas.
Why you'll love working at Swire Coca-Cola:
Swire Coca-Cola is committed to providing balance to support you in all aspects of your life, both at work and beyond. We offer the benefits you need for physical, financial, and emotional well-being.
Health coverage (3 medical options, dental and vision). 401(k) Retirement Plan w/company match
Health Savings Accounts w/company match
FREE virtual primary care, acute care and physical therapy
FREE Employee Assistance Program
Company paid (vacation, holidays, sick time, bereavement, jury duty, maternity/parental, disability leave and volunteer time)
Discounted & free product
Tuition reimbursement
Opportunities for career advancement
In addition to health benefits, Swire Coca-Cola is proud to offer you opportunities where you help give back directly to the communities and causes you care about. Note: Enrollment in a Swire Medical Plan is required for some benefits.
Job Details:
Job Level: 7
What does the Sr. Manager, Governance, Risk & Compliance (GRC) - Cybersecurity do at Swire Coca-Cola?
Swire Coca-Cola is seeking a Sr. Manager, IT Security - GRC to lead and mature our cybersecurity governance, risk management, and compliance programs. This role is responsible for ensuring cybersecurity risks are identified, managed, and communicated effectively while aligning security controls with regulatory, contractual, and business requirements. The GRC Manager partners closely with IT Infrastructure, Security Operations, Legal, Internal Audit, and business leaders to enable secure and compliant operations across the enterprise.
This role requires a strong balance of cybersecurity expertise, risk management discipline, and business acumen, with the ability to translate technical security risks into clear business impact for executive and senior leadership audiences.
Responsibilities:
Governance & Program Management:
Lead and mature the enterprise cybersecurity governance, risk, and compliance (GRC) program, including policies, standards, procedures, and metrics
Maintain and align cybersecurity frameworks with industry standards such as NIST CSF, ISO 27001, CIS, and SOC 2
Mature and oversee security risk tolerance, exception management, and control ownership processes
Ensure cybersecurity governance aligns with enterprise risk management (ERM) objectives
Risk Management:
Lead cybersecurity risk assessments, control gap analyses, and third-party risk assessments
Maintain the enterprise cyber risk register, including risk scoring, treatment plans, and remediation tracking
Partner with technical and business teams to ensure risks are mitigated, transferred, or formally accepted
Translate technical threats and vulnerabilities into clear, business-focused risk statements
Compliance & Assurance:
Manage cybersecurity compliance initiatives for regulatory, industry, and contractual obligations (e.g., SOC 2, ISO, SOX, HIPAA, PCI, privacy frameworks)
Act as primary liaison for internal and external audits, coordinating evidence collection and remediation activities
Support customer security assessments, due diligence requests, and RFP responses
Monitor regulatory changes and assess organizational impact
Metrics, Reporting & Communication:
Develop and maintain cybersecurity risk and compliance metrics for leadership
Create dashboards and reports that clearly communicate risk posture, trends, and remediation status
Present risk assessments, recommendations, and program updates to senior leadership
Leadership & Collaboration:
Lead, mentor, and develop GRC engineers, analysts or contributors
Collaborate with Security Operations, Engineering, Legal, Internal Audit, and Procurement teams
Promote risk-aware decision-making and a culture of security accountability
Requirements
Bachelor's Degree in Information Security, Information Technology, Risk Management, or a related field
7+ years of experience in cybersecurity, risk management, compliance, or audit roles
3+ years of experience in a GRC leadership or senior individual contributor role
Strong working knowledge of NIST CSF, ISO 27001, SOC 2, and cybersecurity risk assessment methodologies
Experience managing audits, compliance programs, and enterprise risk registers end-to-end
Excellent written and verbal communication skills, with the ability to influence senior leaders
Proven ability to balance security requirements with business objectives
Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or OneTrust preferred
Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer preferred
#LI-HH1
Come and join our Sparkling team!
Due to the nature of our work and to help maintain a safe workplace for our employees and customers, after a candidate receives a conditional offer of employment, they will be required to complete pre-employment screening. This includes a criminal background check, drug screening, and for certain roles, a motor vehicle record review.
Screening results are evaluated based on several factors, including the nature and severity of an offense, how much time has passed, the relevance to the position, patterns of repeated offenses, and driving history for roles that require operating a vehicle.
All results are reviewed fairly and in accordance with applicable state and federal laws, including the Fair Credit Reporting Act.
Swire Coca-Cola is an equal employment opportunity and affirmative action employer that participates in the E-Verify program as required by law. All qualified applicants will receive consideration for employment without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status or other legally protected characteristics. Swire Coca-Cola does not sponsor applicants for work visas.