GRC Cybersecurity Lead
Listed on 2026-06-19
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
GRC Cybersecurity Lead | Full Time Professional | Carol Stream, IL, US
Posted 6 days ago
Salary Range: $90,000.00 To $ Annually
Governance, Risk, and Compliance Cybersecurity Lead
OSG is growing our Governance, Risk, and Compliance function and looking for an experienced practitioner ready to take real ownership, shaping how we measure, manage, and communicate cyber risk enterprise-wide.
As a GRC Cybersecurity Lead, you will own OSG’s cybersecurity GRC program end-to-end. This is a high-visibility role in which you will work shoulder-to-shoulder with executive leadership, Legal, Compliance, Privacy, Internal Audit, IT, Engineering, Product, and Sales. You will report directly to the CISO and have a meaningful seat at the table where risk decisions get made.
Job Focus
- Own enterprise-wide cyber risk analysis and reporting, from methodology to board-level dashboards.
- Develop and continuously refine risk assessment methodologies, scoring models, and risk appetite statements.
- Identify, evaluate, and quantify cybersecurity risks; recommend mitigation strategies and track remediation to closure.
- Lead annual and ad hoc enterprise risk assessments, including third-party/vendor risk reviews.
- Coordinate tabletop exercises and Incident Response Plan testing.
- Keep all cybersecurity policies, standards, and procedures current and aligned to NIST CSF, HITRUST CSF, HIPAA, and PCI DSS 4.0.
- Lead the annual policy review and approval cycle, including version control, exception management, and stakeholder sign-off.
- Develop and map controls across frameworks to minimize duplication and audit fatigue.
- Communicate policy changes and provide interpretive guidance to internal stakeholders and control owners.
- Partner with Compliance, IT, Engineering, Product, Legal, HR, Finance, and Operations to ensure risks are captured in OSG’s enterprise risk register.
- Maintain accuracy and completeness of the risk register; track treatment plans and accept/transfer/mitigate/avoid decisions.
- Facilitate risk review forums, steering committees, and quarterly risk governance meetings.
- Escalate critical or unresolved risks to the CISO and executive leadership.
- Work with Compliance to ensure cybersecurity policies meet regulatory requirements (HIPAA, PCI DSS, state privacy laws) and client contractual obligations.
- Support internal and external audits (HITRUST, SOC 2, PCI DSS, HIPAA, and client audits), including coordinating evidence, responses, and remediation.
- Track regulatory and framework changes and translate them into actionable policy and control updates.
- Manage client-facing security questionnaires and assessments (CAIQ, SIG, HITRUST inheritance, custom questionnaires).
- Review MSAs, vendor contracts, BAAs, DPAs, and other agreements to confirm cybersecurity and data protection sections meet OSG and regulatory requirements.
- Validate clauses covering data protection, breach notification, audit rights, subcontractor controls, encryption, retention, and data return/destruction.
- Partner with Legal, Procurement, and Sales to negotiate security-related contract language.
- Maintain a library of standard security clauses, fallback positions, and contract templates.
- Serve as the senior subject-matter expert for GRC, mentoring analysts and influencing stakeholders across the organization without formal reporting authority.
- Build strong relationships with IT, Engineering, Product, Legal, Compliance, Privacy, Internal Audit, and HR.
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field.
- 8+ years of progressive experience in cybersecurity GRC, IT audit, information security, or compliance (at least 3 years focused on policy, risk, and/or compliance).
- Hands-on experience operating a cybersecurity risk register and end-to-end risk management lifecycle.
- Experience supporting audits or certifications under at least two of: NIST CSF, HITRUST, HIPAA, PCI DSS, SOC 2.
- Deep…