Jobs · Information Technology · California

Director, Cybersecurity & GRC

Form Energy · Berkeley, CA · 2 wk ago
HybridInformation Technology$200k–$294k/yrFull-time

Role Description

As Form Energy matures and scales, the Director of Cybersecurity & GRC builds and leads our cybersecurity and IT governance, risk, and compliance programs. This is a CISO-track leadership role: you will set strategy and lead a team — a GRC Manager who owns IT general controls end-to-end, a Staff Security Engineer, and a Senior Security Engineer — while owning the security program, the policy and standards lifecycle, enterprise IT risk, and the external-audit relationship.

  • Mature an ISO 27001-aligned information security management system and the controls a maturing, compliance-intensive company depends on, backstopped by an external advisor.
  • Lead the cybersecurity program: endpoint detection and response / managed detection and response, email and web security, identity and access management, vulnerability management, threat detection, and incident response; manage security vendors and the managed SOC.
  • Own IT governance, risk, and compliance — directing a GRC Manager who owns ITGC design, operation, and evidence end-to-end; the policy and standards lifecycle within an ISO 27001-aligned ISMS; the enterprise IT risk register; control mapping; and exception/issue tracking.
  • Design a control framework synergistic across ITGC, SOC 2, ISO 27001, and NIST 800-171 / CMMC scopes as required by the business and customer contracts.
  • Serve as the primary IT liaison to external auditors and readiness advisors — driving audit readiness, supporting fieldwork, and tracking remediation to closure; direct the external advisor backstop.
  • Mature incident response and disclosure governance: incident response plan and tabletop exercises, and the cyber incident-disclosure and materiality-determination process in partnership with Legal, Finance, and IT, aligned to applicable regulatory and disclosure obligations.
  • Establish data classification, retention, and encryption standards, and a vendor / third-party security risk program.
  • Partner on the IT/OT security boundary and with product security, without owning operational technology or on-product (battery) cybersecurity.
  • Report cybersecurity and compliance posture to leadership and governance bodies in clear, decision-ready terms.
  • Lead, coach, and develop the cybersecurity and GRC team; hire selectively against clear capability gaps.

What You'll Bring

  • 10+ years in cybersecurity and/or IT GRC, including 5+ years in leadership (CISO-track).
  • Deep ITGC experience — control design, operation, and audit — in a compliance-intensive or scaling-company setting, with the judgment to direct a GRC Manager and external advisors.
  • Breadth across the security program: IAM, EDR/MDR, vulnerability management, and incident response, with fluency in recognized frameworks (ISO 27001, SOC 2, NIST CSF / 800-53; NIST 800-171 / CMMC a plus).
  • Experience as an external-audit liaison, plus policy authorship and lifecycle ownership.
  • Strong people leadership and executive-grade communication, including board-quality reporting.

Preferred Qualifications

  • Experience in manufacturing, energy, or critical-infrastructure sectors.
  • Experience standing up a first-time formal IT controls environment in a scaling company.
  • Certifications such as CISSP, CISA, CISM, or CRISC.
  • Familiarity with privacy regimes (GDPR / CCPA) and AI governance frameworks (Form Energy’s AI governance is led separately within the Chief Digital Officer organization; this role collaborates rather than owns it).
  • Compensation Range

    $199,950 - $293,835

Similar jobs