Cybersecurity GRC Manager
About the role
The Cybersecurity GRC Manager will build and scale a global cybersecurity GRC program in a complex industrial environment with direct exposure to executive leadership.
Responsibilities
- Own and mature the KES cybersecurity GRC program by establishing governance structure, policies, standards, expectations, and accountability across KES businesses.
- Represent KES cybersecurity in internal meetings, review boards, and cross-functional forums, including coordination with the Koch cybersecurity organization.
- Build and manage cybersecurity risk processes, including risk registers, findings, vulnerabilities, remediation plans, ownership, escalation, and business acceptance.
- Manage cybersecurity compliance obligations across regulatory, contractual, and customer requirements, including NIS2, China MLPS, NERC CIP, and other applicable cybersecurity standards and frameworks.
- Cook cybersecurity audits, assessments, evidence requests, customer reviews, and remediation tracking in partnership with Legal, Compliance, commercial teams, IT, and business leaders.
- Coordinate cybersecurity awareness program in partnership with the Koch cybersecurity organization, tailoring content, driving participation, and tracking effectiveness.
- Monitor emerging cybersecurity risks, regulatory changes, technology trends, and program metrics to improve visibility, inform risk decisions, support executive reporting, and strengthen program effectiveness.
Requirements
Experience in cybersecurity governance, risk, and compliance program management, including risk registers, remediation tracking, and compliance obligations.
Experience interpreting regulatory, contractual, and customer cybersecurity requirements and translating them into practical business actions.
Experience partnering with cross-functional stakeholders and leaders.
Demonstrated ability to influence in a matrixed environment.
Qualifications
- Experience with GRC platforms such as ZenGRC, ServiceNow GRC, or similar tools to manage risk, compliance, and audit activities.
- Experience with cybersecurity requirements or frameworks such as NIS2, China MLPS, NERC CIP, ISO 27001, NIST CSF, CIS Controls, or other commonly used cybersecurity maturity frameworks.
- Experience supporting customer cybersecurity questionnaires, contract security reviews, evidence requests, or external security assessments.
- Experience applying cybersecurity governance and compliance practices, in a practical, risk-based manner that supports business objectives and enables informed decision-making.
- Experience supporting cybersecurity governance in industrial, engineering, energy, manufacturing, or operational technology environments.
- Experience supporting cybersecurity governance for emerging technologies, including AI-enabled tools or platforms.
- Experience using AI tools to create efficiencies in business processes and role responsibilities.
Skills
Experience with GRC platforms such as ZenGRC, ServiceNow GRC, or similar tools to manage risk, compliance, and audit activities.
Experience with cybersecurity requirements or frameworks such as NIS2, China MLPS, NERC CIP, ISO 27001, NIST CSF, CIS Controls, or other commonly used cybersecurity maturity frameworks.
Experience supporting customer cybersecurity questionnaires, contract security reviews, evidence requests, or external security assessments.
Experience applying cybersecurity governance and compliance practices, in a practical, risk-based manner that supports business objectives and enables informed decision-making.
Experience supporting cybersecurity governance in industrial, engineering, energy, manufacturing, or operational technology environments.
Experience supporting cybersecurity governance for emerging technologies, including AI-enabled tools or platforms.
Experience using AI tools to create efficiencies in business processes and role responsibilities.
Benefits
Details on benefits will be provided in the offer letter.
Pay
Details on pay will be provided in the offer letter.
Schedule
Details on schedule will be provided in the offer letter.