Cybersecurity Governance, Risk & Compliance (GRC) Lead

Cybersecurity Governance, Risk & Compliance (GRC) Lead page is loaded## Cybersecurity Governance, Risk & Compliance (GRC) Leadlocations: Pleasanton, CA - USAtime type: Full timeposted on: Posted Todayjob requisition id: 21844Clorox is the place that’s committed to growth – for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team.**Your role at Clorox:**We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Lead . This position reports to the Cybersecurity GRC Product Owner. The mission of this role is to support and continuously improve the company’s cybersecurity program, with a focus on driving risk informed decision making across sensitive data, systems, cloud environments, and third party relationships. In this role, the individual will work cross functionally as a trusted security advisor to identify, assess, and manage cybersecurity risks; ensure compliance with internal security policies, industry frameworks, and regulatory requirements; and guide business and technology leaders in making informed risk management decisions. The role requires a strong understanding of cybersecurity risks, technologies, and controls, as well as the ability to clearly communicate complex risk concepts to both technical and non technical stakeholders. The ideal candidate is deadline driven, detail oriented, and an excellent communicator, with deep expertise in cybersecurity governance and risk management best practices, with a focus on including third party security risk.**In this role, you will:****Third‐Party Risk Management (TPRM)*** Lead and execute **third‐party cybersecurity risk assessments** throughout the vendor lifecycle, including onboarding, periodic reassessment, contract renewal, and offboarding.* Evaluate vendor security posture using multiple inputs, including questionnaires, SOC reports, penetration test summaries, certifications, and evidence artifacts.* Assess **critical and high‐risk vendors**, including SaaS, cloud service providers, data processors, and managed service providers, for alignment with company security and privacy requirements.* Partner with **Procurement, Legal, Privacy, IT, and the business** to ensure cybersecurity risks associated with third parties are identified, documented, and addressed prior to contract execution.* Define and enforce **risk‐based onboarding and reassessment requirements** aligned to vendor criticality, data sensitivity, and system access.* Track third‐party risk findings, remediation commitments, and compensating controls to closure; escalate overdue or unacceptable risks as appropriate.* Support contract security requirements, including review of security clauses, right‐to‐audit provisions, data protection obligations, and incident notification requirements.* Maintain visibility into third‐party risk trends and exposures and report material risks to leadership.* Ensure third‐party risk processes meet **public‐company audit and regulatory expectations** and support internal audit and external reviews.**Cyber Risk & Compliance*** Assess cybersecurity risks related to **internal systems, cloud services, applications, and third‐party vendors** across technology and operational initiatives.* Ensure alignment with applicable cybersecurity, privacy, and compliance frameworks (e.g., **NIST, ISO, SOC, SOX, GDPR, CCPA**).* Support day‐to‐day operations by identifying cybersecurity compliance risks, ensuring appropriate escalation, and coordinating timely corrective actions.* Collaborate with technical and non‐technical teams to evaluate the effectiveness of security controls, identify and categorize risks, recommend improvements, and communicate outcomes.* Facilitate the development, maintenance, and enforcement of cybersecurity policies and standards in collaboration with internal subject matter experts.* Challenge the first line of defense by validating required assessments and attestations (e.g., **PCI, SOX, GDPR, CCPA**) and providing compliance guidance where necessary.* Provide oversight of vulnerability management, risk remediation activities, and the policy exception request process.* Communicate emerging risks, audit findings, and control issues to key stakeholders, and support remediation planning and execution.* Develop metrics and reporting to provide leadership visibility into cybersecurity risk posture, compliance status, and risk trends.**AI, Cloud, and Emerging Technology Risk*** Evaluate **AI‐enabled services offered by third parties** for model security, training data governance, privacy implications, and exposure to model manipulation attacks.* Ensure cloud and AI services align with referenced security and privacy frameworks (e.g., **NIST CSF/RMF, NIST AI RMF, ISO, SOC 2, GDPR, CCPA**).* Advise on secure adoption of emerging technologies while maintaining risk, compliance, and governance standards.**Stakeholder Engagement & Leadership*** Work closely with business, technology, and compliance counterparts to understand business objectives and ensure alignment with security policies and best practices.* Build strong relationships with business units to embed **security‐by‐design** into projects, architecture, infrastructure, and applications.* Build trusted relationships with senior leaders to accelerate adoption of cybersecurity governance and compliance initiatives.* Educate teams across the organization on cybersecurity risk, governance methodologies, and third‐party risk responsibilities.**What we look for:*** **6+ years** of experience performing cybersecurity risk assessments and applying risk management methodologies* **6+ years** of tracking, monitoring, and reporting cyber risk to management* **6+ years** of cybersecurity governance, risk, and compliance experience* Demonstrated experience in **third‐party cyber risk management**, including vendor risk assessments, remediation tracking, and stakeholder coordination* Experience managing a team of offshore managed service providers.* Experience managing **vendor risk across SaaS, cloud, data processors, and managed service providers*** Strong knowledge of cybersecurity controls management, controls testing, and automation* Hands‐on experience with cybersecurity and privacy frameworks (e.g., **NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3, SOX, GDPR, CCPA**)* Experience with **AI/ML risk management frameworks** (e.g., NIST AI RMF, ISO/IEC 42001) and understanding of AI‐specific threat vectors* Experience drafting and maintaining cybersecurity policies and standards* Experience using **ServiceNow Integrated Risk Management** or a comparable GRC platform* Ability to influence without authority and communicate complex risk topics clearly to diverse audiences* Cyber risk or audit certifications (**CISA, CISM, CRISC, CISSP**) are a plus#LI-HYBRID**Workplace type:**Hybrid- 3 days in office;2 days WFH**Our values-based culture connects to our purpose and empowers people to be their best, professionally and personally. We serve a diverse consumer base which is why we believe teams that reflect our consumers bring fresh perspectives, drive innovation, and help us stay attuned to the world around us. That’s why we foster an inclusive culture where every person can feel respected, valued, and fully able to participate, and ultimately able to thrive.** **.****[U.S.]Additional Information:**At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits #J-18808-Ljbffr The Clorox Company