Excelitas is a global technology leader with more than 7,500 employees focused on delivering market-driven solutions to fulfill the illumination, optical detection and imaging needs of OEMs and end-users across the biomedical, semiconductor, industrial, consumer products, scientific, security, defense and aerospace sectors.

ENGAGE with us today and make your contribution to the future. Join the team that leading technology companies turn to for cutting-edge photonic innovation. At Excelitas Technologies, you are how we EXCEL.

We are presently seeking a Cybersecurity GRC Manager who will work out of our corporate headquarters in Pittsburgh, PA, and is committed to ensuring overall business success and corporate governance.

In addition to a vast portfolio of high-performance photonic products and technologies, Excelitas offers single-source convenience and reliability for integrated end-to-end photonic solutions… from light source to sensor and everything in between. We excel at delivering innovative and customized components, sub-assemblies and fully integrated photonic systems to meet the unique illumination, optronic sensing and optical technology needs of global OEM customers.
Main responsibilities

Governance & Policy Development
· Develop, maintain and govern information security policies, standards and procedures, ensuring alignment with regulatory, contractual and customer requirements
· Ensure policies and related documentation are clear, practical, enforceable and reviewed on a defined, documented cadence
· Translate external regulatory, contractual and customer security requirements into internal control expectations and actionable guidance
· Monitor changes in regulatory requirements and industry frameworks, assessing organizational impact and driving updates to policies and controls as needed
· Manage the policy exception and waiver process, ensuring risk assessment, appropriate approval, time-bound tracking and resolution

Compliance & Regulatory Assurance
· Support and manage compliance with CMMC Level 2, SOX and other regulatory or customer-driven security requirements
· Develop and maintain CMMC program documentation, including system boundaries, data flows, interconnections and control implementations
· Maintain the organization's SPRS score in coordination with Cybersecurity, Infrastructure and control owners, ensuring alignment with the current security assessment posture
· Support SOX IT General Controls (ITGCs), including access reviews, change management and IT operations controls
· Manage remediation activities across audit findings, control gaps and POA&Ms, ensuring clear ownership, validated closure evidence and timely resolution
· Serve as the primary point of contact for internal and external audits, coordinating walkthroughs, evidence collection and control testing, and ensuring timely, high-quality responses

IT Security Risk Management
· Conduct IT security risk assessments, documenting risks, impacts, likelihood and mitigation plans
· Maintain the enterprise IT security risk register and track risks through remediation or formal risk acceptance
· Provide risk-based guidance to stakeholders on control design, security architecture decisions and risk acceptance
· Develop and maintain GRC dashboards, metrics and reporting to provide visibility into risk posture, control effectiveness and program health
· Prepare and deliver risk briefings and GRC program updates to senior leadership, ensuring informed decision-making and documented risk acceptance
· Support and mature the Third-Party Risk Management (TPRM) program, including risk assessments and ongoing monitoring
· Support the development and delivery of security awareness and compliance training programs aligned with organizational and regulatory requirements
· Identify opportunities for process improvement and automation within GRC workflows, including evaluation and implementation of GRC tooling

GRC Team Management
· Manage day-to-day activities of GRC analysts
· Conduct performance reviews and annual goal setting
· Drive team development, capability building and professional growth

Requirements
· 5 years of progressive experience in IT Security, Governance, Risk & Compliance (GRC) or related disciplines
· Strong working knowledge of CMMC and NIST SP 800-171 requirements, SOX IT General Controls (ITGCs), Third-Party Risk Management (TPRM) and IT security risk management frameworks
· Demonstrated ability to develop and maintain security policies, procedures and standards that are clear, enforceable and audit-ready
· Hands-on experience supporting internal and external audits, including evidence preparation, walkthrough facilitation and remediation of findings
· Strong analytical, organizational, documentation and communication skills
· Proven ability to manage multiple concurrent workstreams and drive activities to timely completion with minimal supervision
· U.S. Person status as defined under ITAR 22 CFR §120.62 required due to access to export-controlled information and Controlled Unclassified Information (CUI)

Preferred Qualifications
· Experience in regulated environments such as a public company, defense, aerospace, manufacturing or other highly regulated industries
· Familiarity with frameworks such as NIST SP 800-171, NIST SP 800-53, ISO/IEC 27001/27002, NIST CSF, COSO, COBIT
· Experience with GRC tools (e.g. AuditBoard, Optro, Archer, ZenGRC or similar)
· Working knowledge of safeguarding CUI and export control requirements (ITAR, EAR, DFARS 252.204-7012)
· Experience with cloud security compliance in Microsoft 365/Azure environments, including GCC-High
· Experience developing or maintaining System Security Plans (SSPs) and POA&Ms
· Professional certifications such as CISA, CISM, CRISC, CISSP, RP, CCP

Please Note
· This position requires the use of information which is subject to the International Traffic in Arms Regulations (ITAR)
· No relocation offered for this position
· Must be a U.S. Person
· No sponsorship offered for this position

Equal Opportunity/Affirmative Action Employer
Equal opportunity employer: Minorities/Females/Disability/Gender Identity/Sexual Orientation

Excelitas is seeking leaders and innovators to join our global team. Visit www.excelitas.com/join-our-team
Excelitas Technologies is a global technology leader focused on delivering innovative, customized solutions to meet the lighting, detection and other high-performance technology needs of OEM customers. From medical lighting to analytical instrumentation, clinical diagnostics, industrial, safety and security, and aerospace and defense applications, Excelitas Technologies is committed to enabling our customers' success in their end-markets. Excelitas Technologies has approximately 6,000 employees in North America, Europe and Asia, serving customers across the world.