×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

IT Security Lead - Risk Management

Job in Toledo, Lucas County, Ohio, 43614, USA
Listing for: Owens Corning Foundation
Full Time position
Listed on 2026-05-24
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

The IT Security Lead - Risk Management is a critical member of the Owens Corning Global Information Services (GIS) Security team. This role supports the Governance, Risk, and Compliance (GRC) function by executing cybersecurity governance activities, performing risk assessments, maintaining security policies and standards, supporting audits, and enabling compliance across the enterprise.

This role has global responsibility for identifying, analyzing, documenting, and communicating cybersecurity risks and control gaps in support of the cybersecurity risk framework. Strong analytical skills are required to assess complex environments, identify emerging risks and inconsistencies, and translate findings into clear, actionable guidance for risk owners and leadership.

The IT Security Lead - Risk Management also supports cybersecurity compliance activities across projects, programs, facilities, and business functions. This role manages information security communications, including policies, standards, and related requirements, ensuring updates are documented, approved, and communicated in alignment with governance expectations.

Success in this role requires comfort operating in a fast‑paced environment, managing multiple priorities, and adjusting to changing business needs. Curiosity, integrity, honesty, and strong attention to detail are essential when working with regulatory requirements, audit evidence, risk documentation, and enterprise reporting.

Reports to:

IT Security Leader – Governance, Risk and Compliance

Span of Control:
Individual Contributor

Job Responsibilities Knowing Our Businesses and Their Strategies
  • Maintain strong awareness of evolving security standards, regulatory requirements, and industry best practices, and assess their impact on organizational risk posture and compliance obligations.
  • Enable effective governance and audit readiness for Business Continuity and Disaster Recovery (BCP/DR) controls, aligned with information security, incident response, and compliance requirements.
  • Identify opportunities to align security and compliance initiatives with strategic business programs (e.g., digital transformation, AI adoption, operational resilience), ensuring security is embedded as a business enabler rather than a constraint.
  • Provide governance support for AI and machine‑learning capabilities by maintaining and evolving security, governance, and responsible‑AI policies aligned to enterprise objectives; executing AI security and risk assessments to identify control gaps and emerging risks; coordinating with Legal, Privacy, and business stakeholders to ensure alignment with regulatory, ethical, and compliance expectations; and continuously monitoring regulatory developments, industry trends, and emerging risks to inform and strengthen governance practices.
Executing

Strategy
  • Support enterprise cybersecurity governance and compliance efforts, including development and maintenance of information security policies, standards, procedures, and ISO 27001 ISMS documentation.
  • Perform compliance and assurance activities, including internal control reviews and external audit coordination.
  • Perform information security risk assessments in accordance with the cybersecurity risk framework.
  • Identify control gaps, weaknesses, and emerging risks, document findings clearly and consistently.
  • Support risk owners with analysis, impact statements, and documentation.
  • Track and report risk remediation activities and status.
  • Execute third‑party security assessments aligned with vendor risk management processes.
  • Document vendor risks, control gaps, and remediation actions.
  • Maintain vendor risk documentation and audit evidence.
  • Draft, review, and maintain information security policies, standards, procedures, and guidelines.
  • Ensure policies align with ISO 27001, regulatory requirements, and internal governance standards.
  • Perform ongoing control testing and monitoring activities.
  • Track audit findings, remediation activities, and evidence closure.
Influencing in the Function
  • Collaborate with cross‑functional partners to support security and compliance requirements.
  • Partner with Internal Controls, Internal Audit, and external auditors…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search