Job Description

Job title : GRC Program Manager
Location : Any US; Remote
Duration: 1 year with possible extension

Must Haves:

1.- Tools ServiceNow and/or CMDB
2.- Risk Management
3.- Program Manager


Any combination of the 3 above but #1 is a must




Job Description:


Overview


We are seeking a GRC Program Manager to partner closely with ServiceNow Delivery Operations and CMDB teams to enable the successful implementation and ongoing transformation of ServiceNow and the CMDB. This role will embed risk management and "governance by design" into delivery-helping ensure the platform, data, processes, and operating model meet regulatory expectations, internal standards, and audit requirements while supporting speed and quality of execution.


Responsibilities


Partner with ServiceNow Delivery Operations and CMDB stakeholders to integrate risk management into the platform implementation and continuous improvement roadmap.


Establish and drive a governance-by-design approach for ServiceNow and CMDB (controls, standards, approvals, and guardrails built into delivery processes).


Perform risk assessments for ServiceNow/CMDB initiatives (scope changes, integrations, data migration, releases), documenting risks, mitigations, owners, and dates to closure.


Define and facilitate governance forums (steering/working groups) to review risk posture, key decisions, exception requests, and delivery readiness.


Build and maintain a risk register for the ServiceNow/CMDB program, including dependencies, key control gaps, and remediation plans.


Support development of strong CMDB risk practices, including data quality controls, lifecycle governance, ownership (RACI), and critical configuration item (CI) standards.


Assess and monitor risks across key areas such as: access management, segregation of duties, change/release management, SDLC controls, data integrity, resiliency/DR, vendor risk, and interface/integration controls.


Create clear executive reporting (KRIs/KPIs) for platform and data risk: data completeness/accuracy, reconciliation outcomes, stale/aging CIs, unauthorized changes, control exceptions, overdue remediation items.


Coordinate with Cybersecurity, IT Risk, Compliance, and Audit (1LoD/2LoD alignment) to ensure requirements are understood and evidenced without slowing delivery.


Support audit and exam readiness for ServiceNow/CMDB by maintaining traceable documentation, decisions, and evidence of control execution.


Help mature operating procedures and playbooks for ongoing transformation (release gates, risk acceptance, exception management, control testing cadence).






Success Measures


Measurable reduction in high/critical risks and aging remediation items tied to ServiceNow/CMDB delivery.


Improved CMDB data quality (completeness, accuracy, timeliness) and reduced unauthorized/incorrect CI changes.


Consistent execution of delivery governance (controls embedded in intake, release, and operational processes).


Improved audit/exam outcomes through strong evidence, clear decisioning, and sustained control operation.


Higher stakeholder confidence and transparency through actionable, timely risk reporting.

Job Tags

Similar Jobs