Cybersecurity GRC Program Lead
Echo Global Logistics · Chicago, IL · 5 days ago
Engineering$112k–$164k/yrFull-time
About the role
Echo is seeking a Cybersecurity GRC Program Analyst to build the operating system for security governance, risk, controls, evidence, and exceptions across the enterprise.
Responsibilities
- Select and drive adoption of a primary cybersecurity framework, likely starting with NIST CSF 2.0 while mapping outward to SOX ITGC, SOC2 Type2, ISO 27001, NIST AI RMF, ISO 42001 and other requirements for customers, audit, and international needs.
- Build and maintain a control ownership model across Technology, Engineering, Platform, Network, EUC, Asset, Data, Integrations, and Security.
- Translate existing policies into measurable operating practices, control expectations, evidence requirements, review cadences, and exception workflows.
- Partner with security architecture, engineering, and operations teams to ensure that governance expectations are practical, technically grounded, and enforceable.
- Drive enterprise risk and control assessments, including facilitating discussions on control design, effectiveness, and remediation priorities.
- Improve security questionnaire workflows through standardized responses, evidence reuse, service-level expectations, and clearer ownership.
- Coordinate third-party security intake and help define tiering, minimum security requirements, documentation expectations, and escalation paths.
- Partner with Internal Audit and business stakeholders on readiness efforts, compliance reviews, and operational audit support.
- Track policy exceptions, control gaps, remediation commitments, and overdue actions through closure, including clear owners and time bounds.
- Provide security governance input on supplier security requirements, contractual obligations, and ongoing review expectations.
- Produce reporting for leadership on framework maturity, control ownership, policy currency, evidence readiness, exception status, and risk trends.
- Lead the evolution to and support of continuous compliance capabilities to improve control visibility, evidence freshness, and audit readiness.
- Manage and evolve the organization’s trust center, including published security documentation, customer-facing assurance materials, and the processes that keep content current and supportable.
Requirements
- 5+ years in cybersecurity GRC, security risk, audit readiness, compliance operations, or related functions, with clear experience building or maturing governance operating models.
- 2+ years of GRC experience in a public company. Experience with SOX ITGC controls. Understanding of regulatory and SEC requirements for a public company.
- Strong experience operationalizing NIST CSF and translating controls across frameworks such as ISO 27001, SOX, SOC 2, or similar frameworks.
- Experience building or maturing security governance programs in complex enterprise environments with multiple technical stakeholders.
- Strong experience with risk assessments, control design reviews, exception management, and remediation tracking.
- Experience with third-party risk, supplier security reviews, security questionnaires, and governance workflows that scale beyond one-off reviews.
- Ability to turn policy and framework language into concrete operating practices, ownership expectations, and measurable evidence.
- Strong writing, stakeholder management, and executive communication skills.
Qualifications
- Preferred qualifications include GRC experience with a public company for SEC and regulatory reporting requirements, i.e. 10K, 8K. Experience supporting SOC 2, ISO 27001, CTPAT, SOX or similar audit/readiness efforts.
- Experience with evidence management, control testing, internal audit coordination, or related assurance processes.
- Experience with automated continuous compliance platforms, including evidence automation, control monitoring, and audit readiness workflows.
- Experience managing a trust center or similar customer assurance portal and keeping security documentation current and reusable.
- Familiarity with enterprise technology environments spanning cloud, identity, endpoint, network, and application security domains. Knowledge of AI governance frameworks, e.g, NIST AI RMF, and ISO 42001.
Pay
$112,498.00-163,571.00 per year
Schedule
Remote