Cybersecurity GRC Product Owner

About The Position

Requirements

• 10 plus years of experience as a product owner or in a similar role within Cybersecurity GRC and Privacy.
• Experience leading enterprise AI Security & Governance program, defining key cybersecurity controls for AI/ML systems and partnering with Security Engineering, Privacy, and Legal to ensure responsible, secure AI adoption.
• Experience directing and developing high‑performing Cyber GRC function, driving scalable governance processes and enabling secure AI innovation across the organization. (People Management is required)
• Knowledge of security and privacy frameworks and regulations, including ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, and GDPR.
• Advanced understanding of information security concepts, including cloud security, compliance, access controls, and disaster recovery.
• Proven ability to coordinate cross-functional teams and stakeholders globally to achieve operational goals and deliver technology initiatives.
• Track record of mentoring and managing teams of experienced technologists, setting clear priorities to achieve organizational goals.
• Hands-on experience in software development with a focus on cybersecurity outcomes and leadership in information security and risk management.
• Strategic planning and roadmap development skills to implement strategic plans and manage product roadmaps.
• Strong communication and leadership abilities to guide and inspire teams, along with expertise in risk management, privacy, data security, and incident response.

Nice To Haves

• Relevant industry certifications such as CISSP, CISA, CISM, or CRISC are preferred.
• Experience with IT GRC tools (e.g. ServiceNow IRM, OneTrust) and developing successful risk management programs.

Responsibilities

• Governance Develop and maintain the security governance framework, policies, and procedures aligned with industry standards and best practices. Ensure that the organization adheres to established governance guidelines. Ensure AI capabilities are governed, secure, explainable, compliant, and human‑accountable, while delivering measurable risk and efficiency outcomes without increasing regulatory or data exposure. Collaborate with the business, IT Infrastructure and Applications leaders to implement and enforce standards and control objectives throughout the organization.
• Risk Management Identify, assess, and prioritize security risks related to assets, systems, and data. Define security improvements to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives. Implement risk mitigation strategies and controls to minimize exposure to threats and vulnerabilities. Conduct regular security risk assessments and provide recommendations for remediation actions. Evaluate and manage security risks associated with third-party vendors and service providers. Overseeing audits, penetration tests, and forensic investigations, ensuring that findings are comprehensively understood and effectively remediated.
• Compliance Establish and maintain an effective compliance framework aligned with applicable laws, regulations, and global industry standards. Ensure compliance with regulatory mandates and reporting requirements. Oversee internal and external audits, addressing findings and implementing corrective actions. Enforce standards of multiple security frameworks, including SOX, PCI, and Global Privacy regulations (e.g. CCPA, GDPR) Ensure AI capabilities meet regulatory and compliance expectations by understanding applicable AI, privacy, and sector‑specific regulations (e.g. EU AI Act) and mapping AI use cases to established control frameworks (SOX, ISO 27001, SOC 2, NIST, and privacy requirements)
• Training and Awareness Drive strategy for the Human Risk Management Program Lead educational initiatives to promote a culture of risk awareness and compliance among employees and third parties. Address the unique threats and risks specific to the organization’s business and technological environment.
• Stakeholder Engagement Collaborate with executive leadership and internal stakeholders to align security initiatives with business objectives. Serve as the main liaison for business units and functions, ensuring cybersecurity risks are effectively identified, assessed, and managed. Engage with external stakeholders, including regulators, partners, and vendors, on GRC matters.
• Leadership and Management Build and nurture a high-performing team, fostering professional growth and ensuring the team is equipped to meet organizational goals. Develop and maintain a comprehensive cybersecurity architecture and roadmap in alignment with GRC/Privacy organizational standards. Keep abreast of the latest cybersecurity trends, threat landscapes, and technologies, recommending and implementing appropriate strategies and solutions. Foster a culture of continuous improvement and innovation within the product team, constantly seeking opportunities for enhancement and optimization. Define the overall product roadmap and collaborate with teams to develop and execute a backlog that aligns with group priorities.

Benefits

• comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.