Information Security - Governance, Risk, and Compliance (GRC) Director at Procter & Gamble Company

Cincinnati, Ohio, United States

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Consumer Goods, Information Technology

Requirements

  • Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field
  • 8+ years of experience in Information Security with a focus on Governance, Risk, and Compliance
  • In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2)
  • Experience conducting risk assessments

Responsibilities

  • Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS)
  • Establish and track metrics to measure policy adherence and program maturity
  • Drive internal alignment on security roles, responsibilities, and expectations
  • Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting
  • Conduct security risk assessments for internal systems, projects, vendors, and business processes
  • Facilitate risk-based decision-making at all levels of the organization
  • Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX)
  • Maintain a library of evidence and documentation to support audit and regulatory needs
  • Monitor the effectiveness of IT controls and identify gaps in compliance. Analyze control measurements for negative trends and reoccurrence frequency
  • Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation
  • Contribute to the continuous improvement of the risk and compliance mindset across P&G. Build IT risk awareness by providing support and training to others
  • Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams
  • Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes

Skills

Key technologies and capabilities for this role

GRC, NIST, ISO 27001, CIS, Risk Management, Compliance, Information Security, Policy Framework, Security Controls, Metrics

Questions & Answers

Common questions about this position

What is the work location for this GRC Director position?

The job is located at the Cincinnati General Offices.

What salary or compensation does this role offer?

This information is not specified in the job description.

What key skills and expertise are required for the GRC Director role?

The role requires expertise in governance including maintaining security policy frameworks aligned with NIST, ISO 27001, and CIS; risk management such as enterprise risk processes and assessments; and compliance with regulations like GDPR, HIPAA, CCPA, and SOX.

What is the company culture like at P&G for this IT role?

From Day 1, you'll be trusted to dive right in, take the lead, and use your initiative in creative workspaces where innovation thrives and your technical expertise is recognized and rewarded with purposeful work.

What makes a strong candidate for the GRC Director position?

A strong candidate is passionate about safeguarding data, enabling business through smart risk management, and shaping cybersecurity, and brings the GRC expertise to lead initiatives that align security with business goals.
