IT Governance, Risk and Compliance Manager

3 weeks ago


Italy, IT SOMACIS Full-time

The Mission

Are you a GRC expert who sees compliance not as a checkbox, but as a competitive advantage? Are you driven to build, not just maintain? We are seeking an IT Governance, Risk and Compliance Manager to be the strategic owner of our global security trust and assurance program.

This is not a typical GRC role. You will be the architect of the framework that secures our “license to operate” in the world’s most demanding markets, from Aerospace & Defense to Medical Technology. Reporting directly to the CISO, you will have the visibility and autonomy to build a world-class GRC function from a strong foundation, with direct visibility to our Board. Your mandate is to translate complex regulatory, client, and business requirements into a measurable and auditable control environment. While the title says IT, your scope is the entire digital landscape—from the corporate network to the factory floor’s Operational Technology (OT).

What You’ll Do:

  • Architect Our Compliance Advantage: You will own the strategy and lead the execution of our key compliance programs, including CMMC, NIS2, and ISO 27001. You will be our single point of contact for clients and auditors, turning our security posture into a key sales enabler.
  • Build an Investor-Grade Risk Program: Develop and manage the unified cyber risk register for both IT and OT environments. You will conduct rigorous risk assessments, define and track Key Risk Indicators (KRIs), and provide quantifiable risk insights directly to executive leadership and our board.
  • Secure the Digital and Physical Worlds: You will extend our GRC framework into our manufacturing facilities, applying standards like ISA/IEC 62443 to manage the unique risks of Industrial Control Systems (ICS).
  • Fortify Our Supply Chain: Design and implement our Third-Party Risk Management (TPRM) program. You will be responsible for assessing the security of our critical suppliers and mitigating one of our most significant attack vectors.
  • Lead the Human Element of Security: Drive the strategy for our security awareness program, using data from phishing simulations and training campaigns to strengthen our human firewall and foster a culture of security.

What You’ll Bring (Required Qualifications):

  • A minimum of 5 years of experience in cybersecurity, with at least 3 years in a senior Governance, Risk, and Compliance (GRC) role.
  • Demonstrable, hands-on experience building and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2022.
  • Deep expertise in technology risk assessment methodologies and maintaining a corporate risk register.
  • Proven experience developing, writing, and managing the lifecycle of corporate information security policies and standards.
  • Excellent communication skills, with the ability to translate complex technical risks into clear business language for executive and board-level audiences.

What Will Make You Stand Out (Preferred Qualifications):

  • Direct experience implementing and managing compliance programs for CMMC or the NIS2 Directive.
  • Experience with risk quantification frameworks for reporting to corporate management.
  • Familiarity with modern GRC platforms (e.g., ServiceNow GRC, OneTrust, LogicGate).
  • Relevant professional certifications (e.g., CISSP, CISM, CRISC).
  • Experience with Operational Technology (OT) / Industrial Control Systems (ICS) security frameworks, particularly ISA/IEC 62443.

Why This is a Unique Opportunity:

  • Impact: This is a “builder” role. You will shape the future of our security program with a high degree of autonomy.
  • Visibility: You will have a direct line to the highest levels of the organization, including our BoD. Your work will be critical to the company’s strategic goals.
  • Challenge: The convergence of IT and OT security is one of the most complex and exciting challenges in cybersecurity. You will be at the forefront of securing a multinational manufacturing enterprise.

If you are a strategic, results-driven GRC leader ready to make a tangible business impact, we encourage you to apply.


