Cybersecurity GRC Program Lead
Job in Walnut Creek, Contra Costa County, California, 94598, USA
Listed on 2026-06-23
Listing for: I.T. Solutions, Inc.
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security
Job Description & How to Apply Below
Location: Reno, NV or Walnut Creek, CA (must be on site 4 days/week)
Full-time/Permanent
Reports to: Enterprise Security Manager
- Client is seeking a Cybersecurity GRC Program Lead to build the operating system for security governance, risk, controls, evidence, and exceptions across the enterprise. This is a hands-on leadership role for someone who can select and drive adoption of a primary cybersecurity framework, build the control ownership model, build and improve evidence operations, accelerate questionnaire throughput, and create practical governance mechanisms that work with real engineering and business teams.
- This role is not limited to policy writing or audit coordination. It is intended to make security governance real and measurable across the enterprise by building practical operating mechanisms around risk, controls, evidence, exceptions, and stakeholder accountability. In the staffing plan, this role is explicitly intended to select and operationalize the primary framework, likely starting with NIST CSF 2.0 while mapping outward to ISO 27001 and other requirements for customer, audit, and international needs.
- Lead selection, adoption, and operationalization of client's primary cybersecurity framework and related standards structure, with NIST CSF 2.0 as the likely management layer
- Build and maintain a control ownership model across Technology, Engineering, Platform, Network, EUC, Asset, Data, Integrations, and Security
- Translate existing policies into measurable operating practices, control expectations, evidence requirements, review cadences, and exception workflows
- Partner with security architecture, engineering, and operations teams to ensure that governance expectations are practical, technically grounded, and enforceable
- Drive enterprise risk and control assessments, including facilitating discussions on control design, effectiveness, and remediation priorities
- Build an evidence library structure while defining repeatable collection, review, reuse, and freshness cadences
- Improve security questionnaire workflows through standardized responses, evidence reuse, service‑level expectations, and clearer ownership
- Coordinate third‑party security intake and help define tiering, minimum security requirements, documentation expectations, and escalation paths
- Partner with Internal Audit and business stakeholders on readiness efforts, compliance reviews, and operational audit support
- Track policy exceptions, control gaps, remediation commitments, and overdue actions through closure, including clear owners and time bounds
- Provide security governance input on supplier security requirements, contractual obligations, and ongoing review expectations
- Produce reporting for leadership on framework maturity, control ownership, policy currency, evidence readiness, exception status, and risk trends
- Lead the evolution to and support of continuous compliance capabilities to improve control visibility, evidence freshness, and audit readiness
- Manage and evolve the organization's trust center, including published security documentation, customer‑facing assurance materials, and the processes that keep content current and supportable
- In the first 60 to 90 days, this role is expected to produce a framework decision package, define the control ownership model, stand up an evidence library structure, improve questionnaire operations, and establish practical workflows for exceptions and third‑party intake. Over 12 months, success means framework adoption becomes measurable, control ownership is visible, evidence is reusable, customer and audit due diligence become less reactive, and policy exceptions and control gaps are actively managed.
What you bring
- 7+ years in cybersecurity GRC, security risk, audit readiness, compliance operations, or related functions, with clear experience building or maturing governance operating models
- Strong experience operationalizing NIST CSF and translating controls across frameworks such as ISO 27001, SOX, SOC 2, or similar frameworks
- Experience building or maturing security governance programs in complex enterprise environments with multiple…