Cybersecurity GRC Manager
Location: Pittsburgh, Allegheny County, Pennsylvania, 15201, USA
Listed on: 2026-06-07
Listing for: Excelitas Technologies
Position type: Full Time
Job specializations: IT/Tech; Cybersecurity, Information Security
Job Description & How to Apply Below
ENGAGE with us today and make your contribution to the future! Join the team that leading technology companies turn to for cutting-edge photonic innovation. At Excelitas Technologies you are how we EXCEL.
We are presently seeking a Cybersecurity GRC Manager who will work out of our corporate headquarters in Pittsburgh, PA, and who is committed to ensuring overall business success and corporate governance. In addition to a vast portfolio of high-performance photonic products and technologies, Excelitas offers single-source convenience and reliability for integrated end-to-end photonic solutions, from light source to sensor and everything in between.
We excel at delivering innovative and customized components, sub-assemblies and fully integrated photonic systems to meet the unique illumination, optronic, sensing and optical technology needs of global OEM customers.
Main responsibilities:
Governance & Policy Development
* Develop, maintain, and govern information security policies, standards, and procedures, ensuring alignment with regulatory, contractual, and customer requirements;
* Ensure policies and related documentation are clear, practical, enforceable, and reviewed on a defined, documented cadence;
* Translate external regulatory, contractual, and customer security requirements into internal control expectations and actionable guidance;
* Monitor changes in regulatory requirements and industry frameworks, assessing organizational impact and driving updates to policies and controls as needed;
* Manage the policy exception and waiver process, ensuring risk assessment, appropriate approval, time-bound tracking, and resolution;
Compliance & Regulatory Assurance
* Support and manage compliance with CMMC Level 2, SOX, and other regulatory or customer-driven security requirements;
* Develop and maintain CMMC program documentation, including system boundaries, data flows, interconnections, and control implementations;
* Maintain the organization's SPRS score in coordination with Cybersecurity, Infrastructure, and control owners, ensuring alignment with the current security assessment posture;
* Support SOX IT General Controls (ITGCs), including access reviews, change management, and IT operations controls;
* Manage remediation activities across audit findings, control gaps, and POA&Ms, ensuring clear ownership, validated closure evidence, and timely resolution;
* Serve as the primary point of contact for internal and external audits, coordinating walkthroughs, evidence collection, control testing, and ensuring timely, high-quality responses;
IT Security Risk Management
* Conduct IT security risk assessments, documenting risks, impacts, likelihood, and mitigation plans;
* Maintain the enterprise IT security risk register and track risks through remediation or formal risk acceptance;
* Provide risk-based guidance to stakeholders on control design, security architecture decisions, and risk acceptance;
* Develop and maintain GRC dashboards, metrics, and reporting to provide visibility into risk posture, control effectiveness, and program health;
* Prepare and deliver risk briefings and GRC program updates to senior leadership, ensuring informed decision-making and documented risk acceptance;
* Support and mature the Third-Party Risk Management (TPRM) program, including risk assessments and ongoing monitoring;
* Support the development and delivery of security awareness and compliance training programs aligned with organizational and regulatory requirements;
* Identify opportunities for process improvement and automation within GRC workflows, including evaluation and implementation of GRC tooling;
GRC Team Management
* Manage day-to-day activities of GRC analysts;
* Conduct performance reviews and annual goal setting;
* Drive team development, capability building, and professional growth;
Requirements:
* 5+ years of progressive experience in IT Security Governance, Risk & Compliance (GRC) or related disciplines;
* Strong working knowledge of CMMC and NIST SP 800-171 requirements, SOX IT General Controls (ITGCs), Third-Party Risk Management (TPRM), and IT security risk management frameworks;
* Demonstrated ability to develop and maintain security policies, procedures, and standards that are clear, enforceable, and audit-ready;
* Hands-on experience supporting internal and external audits, including evidence preparation, walkthrough facilitation, and remediation of findings;
* Strong analytical, organizational, documentation, and communication skills;
* Proven ability to manage multiple concurrent work streams and drive activities to timely completion with minimal supervision;
* U.S. Person status as defined under ITAR (22 CFR…