×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

IT Security GRC Expert, Global

Job in Lancaster, Lancaster County, Pennsylvania, 17622, USA
Listing for: Olympus Corporation of the Americas
Full Time position
Listed on 2026-06-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Working

Location:

Pennsylvania, Center Valley;
Massachusetts, Westborough

Workplace Flexibility:
Hybrid

Job Duties
  • The Senior IT Security GRC Analyst (Global) is accountable for the following core responsibility areas. Responsibilities are global in scope, with execution assigned based on regional needs, maturity, and business priorities.
  • Establish, maintain, and operationalize IT Security governance structures aligned to Olympus policies and global standards.
  • Ensure security-related policies, standards, and procedures are consistently interpreted and applied across regions and systems.
  • Translate regulatory and framework requirements into actionable governance expectations for IT Security.
  • Own the end-to-end lifecycle of IT Security risk, including identification, assessment, prioritization, treatment tracking, escalation, and reporting.
  • Supports and escalates IT Security risk acceptance decisions in alignment with the enterprise risk management model and defined approval thresholds.
  • Maintain and govern the IT Security risk register within approved GRC tooling.
  • Evaluate security risks arising from systems, services, projects, third parties, and control gaps.
  • Ensure material security risks are communicated upward in a timely and disciplined manner.
  • Ensures material or unresolved IT Security risks are escalated and made visible in accordance with established governance processes.
  • This role owns IT Security risk. Enterprise-wide IT risk ownership and acceptance resides with IT Assurance.
  • Own governance of IT Security control frameworks (e.g., NIST, ISO), including control definition, mapping, and alignment to policy and regulatory requirements.
  • Monitor and assess control effectiveness using evidence, metrics, and tool outputs.
  • Validates security control effectiveness through evidence-based assessment methods aligned to recognized security frameworks.
  • Govern security-related exception management, including documentation, risk evaluation, treatment tracking, and reporting.
  • Partner with technical and operational teams responsible for control execution without assuming operational responsibility.
  • Conduct and govern IT Security risk assessments for third‑party vendors and service providers.
  • Analyze security posture, identify control gaps, and recommend risk treatment options.
  • Track and report third‑party security risks and remediation commitments.
  • Support secure procurement and onboarding processes through a security risk lens.
  • Support internal and external audits by providing security‑focused evidence, analysis, and responses.
  • Coordinate security‑related audit activities, timelines, and stakeholder engagement.
  • Ensure security control obligations are traceable, defensible, and audit‑ready.
  • This role is not an audit function. Audit independence and ownership reside with IT Assurance.
  • Interpret outputs from security and compliance tools to identify trends, risks, and control performance.
  • Develop and maintain dashboards, KPIs, and executive‑level reporting related to IT Security risk.
  • Translate technical security data into clear business‑relevant insights for executive leadership.
  • Act as a leader and representative of IT Security GRC across global and regional stakeholders.
  • Direct and oversee MSSP activities within defined GRC scope, ensuring alignment to governance expectations.
  • Exercise judgment on escalation while maintaining proactive upward information sharing.
  • Influence outcomes through collaboration, clarity, and accountability rather than hierarchy.
Job Qualifications

Required:

  • A minimum of a Bachelor's degree in Information Security/Technology is preferred or equivalent experience.
  • Should hold at least one relevant and related security certification (e.g., CISM, CISSP, CISA, CRISC, etc.).
  • Minimum 8 years of relevant work experience (IT Security, GRC, etc.).
  • At least 5 years of Lead/Manager experience.
  • Thorough knowledge and understanding of Cybersecurity Frameworks, like ISO 27001/27002, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX (JSox) and IT Risk Management.
  • Excellent oral and written communication skills in local language.
  • Excellent oral and written communication skills in English.
Benefits
  • Competitive salaries, annual bonus and 401(k)
    *…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search