Apply on Employer Site

Procter & Gamble · 1 day ago

Information Security - Governance, Risk, and Compliance (GRC) Director (Remote)

United States

Full-time

Remote

Director/Executive

$160K/yr - $220K/yr

8+ years exp

Procter & Gamble is a global leader in consumer goods, and they are seeking a Governance, Risk, and Compliance Director passionate about safeguarding data and shaping the future of cybersecurity. The role involves managing risk, ensuring compliance with regulations, and leading initiatives to enhance the organization's security posture.

BeautyBrand MarketingCleaning ProductsConsumer GoodsCosmeticsNutritionPersonal Health

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS)

Establish and track metrics to measure policy adherence and program maturity

Drive internal alignment on security roles, responsibilities, and expectations

Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting

Conduct security risk assessments for internal systems, projects, vendors, and business processes

Facilitate risk-based decision-making at all levels of the organization

Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX)

Maintain a library of evidence and documentation to support audit and regulatory needs

Monitor the effectiveness of IT controls and identify gaps in compliance. Analyze control measurements for negative trends and reoccurrence frequency. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation

Contribute to the continuous improvement of the risk and compliance mindset across P&G. Build IT risk awareness by providing support and training to others

Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams

Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes

Qualification

GovernanceRiskComplianceInformation SecuritySecurity FrameworksRisk AssessmentsRegulatory CompliancePolicy WritingIT ControlsDocumentation ManagementStakeholder InfluenceAudit ExperienceCISSP CertificationISACA CRISC CertificationCGEIT CertificationCISA CertificationEnglish FluencyCollaborationCommunication SkillsRelationship BuildingIndependent WorkQuick Learning

Required

Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field

Prior hands on experience working in a security-focused role, such as Information Security Analyst, SOC Analyst, Security Engineer, etc

8+ years of experience in Governance, Risk, and Compliance with a focus on Information Security

In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2)

Experience conducting risk assessments, audits, and control testing

Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA, SOX, PCI DSS)

Proven ability to write policies, manage documentation, and communicate clearly to both technical and non-technical stakeholders

Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams

The ability to work independently, collaborate, and learn quickly

English fluency (speak, write, and read)