Job Description:
- Must have 8+ years (current) experience with End-to-end ISO 27001 implementation - (ISMS design through certification).
- Must have SOX 404 ITGC ownership experience, including scoping, control design, testing, and remediation across ERP (e.g., SAP/Oracle) and key business applications
- Establish and mature the enterprise GRC program aligned to ISO 27001, SOX, NIST CSF, CIS Controls and relevant regulatory requirements.
- Own the Information Security Management System (ISMS) lifecycle: scope definition, risk assessment, Statement of Applicability (SoA), control implementation, internal audit, management review, corrective actions, and surveillance/recertification readiness.
- Define and maintain policies, standards, and procedures (e.g., access control, change management, vulnerability management, secure SDLC, incident response, supplier security).
- Chair / Lead / coordinate governance forums (e.g., Risk & Compliance Steering Committee, Change Advisory Board, Management Review meetings).
- Lead the ISO 27001 certification journey: gap analysis, roadmap, control implementation, training/awareness, internal audits, and liaison with external certification bodies.
- Manufacturing or Heavy Industrial or similar is a bonus: Manufacturing/OT exposure: ICS/SCADA risk management, plant-floor realities (safety, uptime, maintenance windows).
We are an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, national origin, citizenship/ immigration status, veteran status, or any other status protected under federal, state, or local law.