Director, Governance, Risk & Compliance (GRC) and Third-Party Security Risk jobs in United States

Lumentum · 1 month ago

Director, Governance, Risk & Compliance (GRC) and Third-Party Security Risk

Lumentum, a company that values passion and customer focus, is seeking a Director of Governance, Risk & Compliance (GRC) and Third-Party Security Risk. This role leads Lumentum's global security governance, compliance, and third-party risk programs, ensuring that its compliance and vendor ecosystems remain secure and aligned with industry standards.

Optical Communication · Semiconductor · Telecommunications
H1B Sponsor Likely

Responsibilities

Lead and maintain Lumentum’s global information security compliance program across ISO 27001:2022, NIST CSF, and NIST SP 800-171
Develop and maintain structured frameworks for tracking compliance initiatives—defining project milestones, owners, dependencies, and measurable outcomes
Build and maintain dashboards and executive reports summarizing project progress, audit results, remediation status, and control maturity
Coordinate internal and external audits, certification renewals, and third-party assessments
Partner with enterprise risk management, audit, IT, and operations teams to integrate GRC processes into broader corporate governance
Ensure security controls are maintained across both on-prem and cloud/SaaS environments
Design, implement, and lead a global third-party risk management (TPRM) program encompassing suppliers, service providers, and strategic partners
Define and maintain vendor security assessment frameworks, control baselines, and onboarding/off-boarding requirements
Track and report on vendor coverage, risk remediation progress, and control maturity metrics
Establish continuous monitoring mechanisms to identify new or emerging vendor threats
Collaborate with Procurement, Legal, and Supply Chain to embed security controls in vendor contracts and lifecycle processes
Lead response coordination for vendor-related security incidents impacting Lumentum operations or data
Partner with IT, Supply Chain, Operations, Legal, and regional teams to align governance and risk management with business objectives
Guide cross-functional teams through remediation and risk reduction initiatives
Mentor and develop team members, fostering a culture of accountability, continuous improvement, and measurable progress
Present program performance and maturity metrics to executive leadership

Qualification

ISO 27001 · NIST CSF · NIST SP 800-171 · Program management · Third-party risk management · Dashboard development · GRC tooling · Privacy frameworks · Secure SDLC · Technical communication

Required

Expertise in ISO 27001 implementation and audit lifecycle management
Deep understanding of NIST CSF, NIST SP 800-171, and control mapping across frameworks
Strong program management skills with ability to define, track, and report a portfolio of compliance and risk initiatives
Experience developing dashboards and reporting mechanisms for risk, remediation, and control maturity tracking
Proficiency in designing and operating third-party risk programs covering assessments, control validation, and ongoing monitoring
Capability to translate technical security findings into clear business impact
Advanced written and verbal communication for executive-level reporting and board-facing deliverables
Familiarity with hybrid enterprise environments (on-premises, SaaS, cloud platforms)
Bachelor's degree in Information Security, Computer Science, Cybersecurity, or a related field
Minimum 13 years of experience in information security, with at least 5 years focused on governance, risk, and compliance or third-party/vendor risk management
Proven leadership in managing enterprise-wide compliance programs and coordinating audits or certifications
Demonstrated success implementing ISO 27001 and NIST frameworks across complex, distributed enterprises
Experience building and maintaining structured tracking and reporting frameworks for compliance and vendor risk portfolios
Prior experience engaging with procurement, supply chain, and legal teams to manage third-party risks
Track record of building executive reporting that demonstrates measurable risk reduction and maturity improvement
Strategic thinking and the ability to align cybersecurity governance with business objectives
Analytical rigor with high attention to detail and accuracy
Excellent organizational skills with ability to manage multiple concurrent projects
Collaborative leadership with cross-functional influence
Clear communication—able to distill complex data into actionable insights
Accountability and ownership of deliverables in a fast-paced, global environment
Continuous learning mindset and adaptability to emerging security frameworks and technologies

Preferred

Experience with GRC tooling (e.g., Archer, ServiceNow GRC, OneTrust, or similar)
Background in global manufacturing or high-tech supply chain environments
Knowledge of privacy frameworks (GDPR, CCPA) and data protection practices
Working knowledge of secure software development lifecycle (SDLC) and DevSecOps principles
Familiarity with cybersecurity metrics automation and business intelligence visualization tools
Master's degree
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
ISO 27001 Lead Implementer or Auditor
CRISC (Certified in Risk and Information Systems Control)
CCSP (Certified Cloud Security Professional)
CISA (Certified Information Systems Auditor)

Benefits

Annual bonus
Commission for certain sales roles
Equity
Health and welfare benefits

Company

Lumentum

Lumentum Operations is an optical and photonic products manufacturer.

H1B Sponsorship

Lumentum has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The figures below are provided for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (11)
2024 (11)
2023 (14)
2022 (34)
2021 (25)
2020 (31)

Funding

Current Stage: Public Company
Total Funding: $3.67B
2025-09-04 · Post-IPO Debt · $1.1B
2023-06-12 · Post-IPO Debt · $525M
2022-03-03 · Post-IPO Debt · $750M

Leadership Team

Wajid Ali, Executive Vice President and CFO
Misha Rozenberg, Executive Vice President of Operations and Quality
Company data provided by crunchbase