IT Program Manager - Cyber Compliance
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, IT Project Manager, Information Security
IT Program Manager
- Cyber Compliance
Eaton's Corporate Sector division is currently seeking an IT Program Manager
- Cyber Compliance. The expected annual salary range for this role is $130000 - $190000 a year. This role can sit out of one of the following locations:
Beachwood OH, Galesburg MI, Houston TX, Menomonee Falls WI, Moon Township PA, or Raleigh NC.
Please note the salary information shown above is a general guideline only. Salaries are based upon candidate skills, experience, and qualifications, as well as market and business considerations.
What You'll Do:Position Overview: The Program Manager – IT Cyber Compliance orchestrates and delivers Eaton's multi-framework cybersecurity compliance program end to end, translating the CISO's compliance vision into an executable, measurable plan. The role is the driving force behind Eaton's pivot from reactive, event- and audit-driven activity to a continuous, assurance-based compliance capability — treating certifications as a strategic capability rather than a one-time event.
This is a delivery-accountable program management role with deep compliance expertise. The Program Manager runs the full program lifecycle — scope, schedule, budget, risk, dependencies, and outcomes — across concurrent certification and assessment work streams spanning CMMC 2.0, SOC 2, ISO 27001, Cyber Essentials Plus (CE+). Success is the consistent, predictable achievement and sustainment of compliance assurance that protects revenue, contract eligibility, and customer preference with Eaton's largest customers and regulators.
The role is a key contributor to Eaton's "Test-Once / Apply-Many" evidence model, enabling reusable assurance across multiple regulatory and customer frameworks, directly supporting the Eaton CISO's Strategy.
Key Responsibilities:Compliance Program Leadership & Delivery
• Own end-to-end delivery of Eaton's Cyber Compliance Transformation Program, meeting defined objectives, timelines, scope, budget, and business outcomes across all in-scope frameworks, control and sites.
• Translate the CISO's compliance strategy into an integrated program plan, roadmap, and roles-and-responsibilities matrix; maintain the program charter as the authoritative governing artifact.
• Operate a single program intake so framework demands are prioritized, sequenced, and paced through one coordinated model rather than competing efforts.
Framework-Specific Compliance Expertise• CMMC 2.0 (critical path): lead Level 2 readiness across in-scope environments — self-assessment, POA&M remediation, CUI protection, C3
PAO assessment scheduling and execution — aligned to NIST SP 800-171 and US Department of Defense / Department of War contract requirements. • SOC 2: manage readiness and examination cycles against the Trust Services Criteria, coordinating control evidence and auditor engagement for shared services and customer-facing environments. • ISO 27001: sustain ISMS certification and surveillance/re-assessment cycles across certified sites, including mandatory documentation, internal audits, and external (e.g., BSI) assessments.
• Cyber Essentials & CE+: drive certification and vulnerability-remediation readiness required for UK MOD and BAE contractual obligations, coordinating with assessors (e.g., URM / IASME) and site owners. • TISAX & sector regulations: maintain TISAX and adjacent regulatory obligations (e.g., EASA Part-IS for aerospace sites), mapping shared controls to reduce duplicate effort.
Unified Control & Continuous Assurance
• Advance the Unified Control Framework and "Test-Once / Apply-Many" evidence model so a single control set and reusable evidence satisfy many frameworks.
• Shift the program from point-in-time audits to continuous control testing and monitoring, ensuring controls operate effectively and assurance can be demonstrated at any time.
• Partner with Internal Audit to define what "great" looks like, validate control testing models, and reduce exceptions through standardized remediation and tracking.
Stakeholder, Risk, Dependency & Financial Management
• Serve as the face of the program — owning the plan, risks, executive presentations, and escalations — and…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).