IT Program Manager - Cyber Compliance
Listed on 2026-07-18
-
IT/Tech
Cybersecurity
What you’ll do:
Eaton’s Corporate Sector division is currently seeking an IT Program Manager – Cyber Compliance. The expected annual salary range for this role is $130,000 – $190,000 a year. This role can sit out of one of the following locations:
- Beachwood OH
- Galesburg MI
- Houston TX
- Menomonee Falls WI
- Moon Township PA
- Raleigh NC
The Program Manager – IT Cyber Compliance orchestrates and delivers Eaton’s multi‑framework cybersecurity compliance program end to end, translating the CISO’s compliance vision into an executable, measurable plan. The role is the driving force behind Eaton’s pivot from reactive, event‑ and audit‑driven activity to a continuous, assurance‑based compliance capability – treating certifications as a strategic capability rather than a one‑time event.
This is a delivery‑accountable program management role with deep compliance expertise. The Program Manager runs the full program lifecycle – scope, schedule, budget, risk, dependencies, and outcomes – across concurrent certification and assessment work streams spanning CMMC
2.0, SOC2, ISO
27001, Cyber Essentials Plus (CE+). Success is the consistent, predictable achievement and sustainment of compliance assurance that protects revenue, contract eligibility, and customer preference with Eaton’s largest customers and regulators.
The role is a key contributor to Eaton’s “Test‑Once / Apply‑Many” evidence model, enabling reusable assurance across multiple regulatory and customer frameworks, directly supporting the Eaton CISO’s Strategy.
Key Responsibilities- Own end‑to‑end delivery of Eaton’s Cyber Compliance Transformation Program, meeting defined objectives, timelines, scope, budget, and business outcomes across all in‑scope frameworks, controls and sites.
- Translate the CISO’s compliance strategy into an integrated program plan, roadmap, and roles‑and‑responsibilities matrix; maintain the program charter as the authoritative governing artifact.
- Operate a single program intake so framework demands are prioritized, sequenced, and paced through one coordinated model rather than competing efforts.
- Lead Level2 readiness across in‑scope environments – self‑assessment, POA&M remediation, CUI protection, C3
PAO assessment scheduling and execution – aligned to NISTSP
800‑171 and US Department of Defense / Department of War contract requirements. - Manage readiness and examination cycles against SOC2’s Trust Services Criteria, coordinating control evidence and auditor engagement for shared services and customer‑facing environments.
- Sustain ISO
27001 certification and surveillance/ reassessment cycles across certified sites, including mandatory documentation, internal audits, and external (e.g., BSI) assessments. - Drive Cyber Essentials & CE+ certification and vulnerability‑remediation readiness required for UK MOD and BAE contractual obligations, coordinating with assessors (e.g., URM / IASME) and site owners.
- Maintain TISAX and adjacent regulatory obligations (e.g., EASA Part‑IS for aerospace sites), mapping shared controls to reduce duplicate effort.
- Advance the Unified Control Framework and “Test‑Once / Apply‑Many” evidence model so a single control set and reusable evidence satisfy many frameworks.
- Shift the program from point‑in‑time audits to continuous control testing and monitoring, ensuring controls operate effectively and assurance can be demonstrated at any time.
- Partner with Internal Audit to define what “great” looks like, validate control testing models, and reduce exceptions through standardized remediation and tracking.
- Serve as the face of the program – owning the plan, risks, executive presentations, and escalations – and the senior point of coordination with control owners, regional security leads, IT, legal, and business stakeholders.
- Proactively identify, mitigate, and resolve risks, issues, and cross‑framework dependencies to protect delivery timelines, using a CISO‐level escalation path where needed.
- Actively manage budgets, forecasts, and resources to optimize delivery efficiency and program value.
- Lead assessment‑ready posture – compliance preparation playbooks, mock assessments, and standardized audit responses – and sequence concurrent…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).