Cybersecurity Governance, Risk & Compliance (GRC) Lead

The Clorox CompanyPleasanton, CA
$88,900 - $204,900Hybrid
Match Resume

About The Position

We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Lead. This position reports to the Cybersecurity GRC Product Owner. The mission of this role is to support and continuously improve the company’s cybersecurity program, with a focus on driving risk informed decision making across sensitive data, systems, cloud environments, and third party relationships. In this role, the individual will work cross functionally as a trusted security advisor to identify, assess, and manage cybersecurity risks; ensure compliance with internal security policies, industry frameworks, and regulatory requirements; and guide business and technology leaders in making informed risk management decisions. The role requires a strong understanding of cybersecurity risks, technologies, and controls, as well as the ability to clearly communicate complex risk concepts to both technical and non technical stakeholders. The ideal candidate is deadline driven, detail oriented, and an excellent communicator, with deep expertise in cybersecurity governance and risk management best practices, with a focus on including third party security risk.

Requirements

  • 6+ years of experience performing cybersecurity risk assessments and applying risk management methodologies
  • 6+ years of tracking, monitoring, and reporting cyber risk to management
  • 6+ years of cybersecurity governance, risk, and compliance experience
  • Demonstrated experience in third‑party cyber risk management, including vendor risk assessments, remediation tracking, and stakeholder coordination
  • Experience managing a team of offshore managed service providers.
  • Experience managing vendor risk across SaaS, cloud, data processors, and managed service providers
  • Strong knowledge of cybersecurity controls management, controls testing, and automation
  • Hands‑on experience with cybersecurity and privacy frameworks (e.g., NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3, SOX, GDPR, CCPA)
  • Experience with AI/ML risk management frameworks (e.g., NIST AI RMF, ISO/IEC 42001) and understanding of AI‑specific threat vectors
  • Experience drafting and maintaining cybersecurity policies and standards
  • Experience using ServiceNow Integrated Risk Management or a comparable GRC platform
  • Ability to influence without authority and communicate complex risk topics clearly to diverse audiences

Nice To Haves

  • Cyber risk or audit certifications (CISA, CISM, CRISC, CISSP) are a plus

Responsibilities

  • Lead and execute third‑party cybersecurity risk assessments throughout the vendor lifecycle, including onboarding, periodic reassessment, contract renewal, and offboarding.
  • Evaluate vendor security posture using multiple inputs, including questionnaires, SOC reports, penetration test summaries, certifications, and evidence artifacts.
  • Assess critical and high‑risk vendors, including SaaS, cloud service providers, data processors, and managed service providers, for alignment with company security and privacy requirements.
  • Partner with Procurement, Legal, Privacy, IT, and the business to ensure cybersecurity risks associated with third parties are identified, documented, and addressed prior to contract execution.
  • Define and enforce risk‑based onboarding and reassessment requirements aligned to vendor criticality, data sensitivity, and system access.
  • Track third‑party risk findings, remediation commitments, and compensating controls to closure; escalate overdue or unacceptable risks as appropriate.
  • Support contract security requirements, including review of security clauses, right‑to‑audit provisions, data protection obligations, and incident notification requirements.
  • Maintain visibility into third‑party risk trends and exposures and report material risks to leadership.
  • Ensure third‑party risk processes meet public‑company audit and regulatory expectations and support internal audit and external reviews.
  • Assess cybersecurity risks related to internal systems, cloud services, applications, and third‑party vendors across technology and operational initiatives.
  • Ensure alignment with applicable cybersecurity, privacy, and compliance frameworks (e.g., NIST, ISO, SOC, SOX, GDPR, CCPA).
  • Support day‑to‑day operations by identifying cybersecurity compliance risks, ensuring appropriate escalation, and coordinating timely corrective actions.
  • Collaborate with technical and non‑technical teams to evaluate the effectiveness of security controls, identify and categorize risks, recommend improvements, and communicate outcomes.
  • Facilitate the development, maintenance, and enforcement of cybersecurity policies and standards in collaboration with internal subject matter experts.
  • Challenge the first line of defense by validating required assessments and attestations (e.g., PCI, SOX, GDPR, CCPA) and providing compliance guidance where necessary.
  • Provide oversight of vulnerability management, risk remediation activities, and the policy exception request process.
  • Communicate emerging risks, audit findings, and control issues to key stakeholders, and support remediation planning and execution.
  • Develop metrics and reporting to provide leadership visibility into cybersecurity risk posture, compliance status, and risk trends.
  • Evaluate AI‑enabled services offered by third parties for model security, training data governance, privacy implications, and exposure to model manipulation attacks.
  • Ensure cloud and AI services align with referenced security and privacy frameworks (e.g., NIST CSF/RMF, NIST AI RMF, ISO, SOC 2, GDPR, CCPA).
  • Advise on secure adoption of emerging technologies while maintaining risk, compliance, and governance standards.
  • Work closely with business, technology, and compliance counterparts to understand business objectives and ensure alignment with security policies and best practices.
  • Build strong relationships with business units to embed security‑by‑design into projects, architecture, infrastructure, and applications.
  • Build trusted relationships with senior leaders to accelerate adoption of cybersecurity governance and compliance initiatives.
  • Educate teams across the organization on cybersecurity risk, governance methodologies, and third‑party risk responsibilities.

Benefits

  • Robust health plans
  • Market-leading 401(k) program with a company match
  • Flexible time off benefits (including half-day summer Fridays depending on location)
  • Inclusive fertility/adoption benefits

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees

Job Search Resources

Similar Cybersecurity Governance, Risk & Compliance (GRC) Lead job opportunities

Governance, Risk & Compliance (GRC) Manager
Sigma Computing
Sigma Computing • New York, NY5d • Onsite
Governance, Risk & Compliance (GRC) Manager
Sigma Computing
Sigma Computing • San Francisco, CA5d • Onsite
Governance, Risk & Compliance (GRC) Manager
Sigma Computing
Sigma Computing • New York City, NY4d • Onsite
Senior Governance, Risk & Compliance (GRC) Analyst
Nasuni
Nasuni • Boston, MA7d • Hybrid
Security Engineer - GRC
Machinify
Machinify6d • $90,000 - $120,000 • Remote
Cybersecurity GRC Lead
Trident Consulting Inc
Trident Consulting Inc • Burlington, MA2d • Hybrid

Tools

Templates & Examples

Resources

Comparisons

Company

Over 4 Million Users
Free AI tools and resources to help you land your next job, faster
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service