
Director, Governance, Risk & Compliance; GRC and Third-Party Security Risk

Job in San Jose, Santa Clara County, California, 95199, USA
Listing for: Lumentum
Full Time position
Listed on 2025-12-22
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 150000 - 200000 USD Yearly
Job Description & How to Apply Below
Position: Director, Governance, Risk & Compliance (GRC) and Third-Party Security Risk

It’s fun to work in a company where people truly BELIEVE in what they’re doing!
We’re committed to bringing passion and customer focus to the business.

If you like wild growth and working with happy, enthusiastic over-achievers, you’ll enjoy your career with us!

The Director, GRC and Third-Party Security Risk will lead Lumentum’s global security governance, compliance, and third-party risk programs. This role combines deep technical expertise, program management rigor, and cross-functional leadership to ensure that Lumentum’s compliance and vendor ecosystems remain secure, resilient, and aligned with industry standards.

The ideal candidate will build structured frameworks for tracking and reporting compliance projects, lead certification efforts for key standards such as ISO 27001:2022, NIST CSF, and NIST SP 800-171, and oversee a robust third-party security risk program covering suppliers, partners, and service providers globally.

Responsibilities
Governance, Risk, and Compliance (GRC)
  • Lead and maintain Lumentum’s global information security compliance program across ISO 27001:2022, NIST CSF, and NIST SP 800-171.
  • Develop and maintain structured frameworks for tracking compliance initiatives—defining project milestones, owners, dependencies, and measurable outcomes.
  • Build and maintain dashboards and executive reports summarizing project progress, audit results, remediation status, and control maturity.
  • Coordinate internal and external audits, certification renewals, and third-party assessments.
  • Partner with enterprise risk management, audit, IT, and operations teams to integrate GRC processes into broader corporate governance.
  • Ensure security controls are maintained across both on-prem and cloud/SaaS environments.
Third-Party Security Risk Management
  • Design, implement, and lead a global third-party risk management (TPRM) program encompassing suppliers, service providers, and strategic partners.
  • Define and maintain vendor security assessment frameworks, control baselines, and onboarding/off-boarding requirements.
  • Track and report on vendor coverage, risk remediation progress, and control maturity metrics.
  • Establish continuous monitoring mechanisms to identify new or emerging vendor threats.
  • Collaborate with Procurement, Legal, and Supply Chain to embed security controls in vendor contracts and lifecycle processes.
  • Lead response coordination for vendor-related security incidents impacting Lumentum operations or data.
Leadership and Collaboration
  • Partner with IT, Supply Chain, Operations, Legal, and regional teams to align governance and risk management with business objectives.
  • Guide cross-functional teams through remediation and risk reduction initiatives.
  • Mentor and develop team members, fostering a culture of accountability, continuous improvement, and measurable progress.
  • Present program performance and maturity metrics to executive leadership.
Required Skills
  • Expertise in ISO 27001 implementation and audit lifecycle management.
  • Deep understanding of NIST CSF, NIST SP 800-171, and control mapping across frameworks.
  • Strong program management skills with ability to define, track, and report a portfolio of compliance and risk initiatives.
  • Experience developing dashboards and reporting mechanisms for risk, remediation, and control maturity tracking.
  • Proficiency in designing and operating third-party risk programs covering assessments, control validation, and ongoing monitoring.
  • Capability to translate technical security findings into clear business impact.
  • Advanced written and verbal communication for executive-level reporting and board-facing deliverables.
  • Familiarity with hybrid enterprise environments (on-premises, SaaS, cloud platforms).
Desirable Skills
  • Experience with GRC tooling (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
  • Background in global manufacturing or high-tech supply chain environments.
  • Knowledge of privacy frameworks (GDPR, CCPA) and data protection practices.
  • Working knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
  • Familiarity with cybersecurity metrics automation and business intelligence visualization tools.
Education
  • Bachelor’s degree in Information Security,…