Cybersecurity GRC Program Manager
About The Position
EnerSys is a global leader in stored energy solutions for industrial applications. We have over thirty manufacturing and assembly plants worldwide servicing over 10,000 customers in more than 100 countries. Worldwide headquarters are located in Reading, PA, USA with regional headquarters in Europe and Asia. We complement our extensive line of Motive Power and Energy Systems with a full range of integrated services and systems. With sales and service locations throughout the world, and over 100 years of battery experience, EnerSys is the power/full solution for stored DC power products. Job PurposeThe Cybersecurity Governance, Risk, and Compliance (GRC) Program Manager is responsible for providing guidance, executing assessments, collaborating with auditors, managing evidence, analyzing risks, ensuring adherence to processes, and communicating effectively with internal stakeholders. Collaborate within an expanding Cybersecurity team and work closely with internal EnerSys teams to ensure new and continued compliance with cybersecurity frameworks and required programs and initiatives.
Requirements
- A degree in a technical field (Computer Science, Information Systems, or Cybersecurity) is preferred but not required.
- 5+ years of experience in Information Technology and client/customer management.
- Strong understanding of cybersecurity principles, risk management frameworks, and compliance standards (e.g., CMMC, EU CRA, NIS2, TISAX, Essential Eight, IEC 62443, NIST CSF&RMF, ISO 27001).
- Experience working with internal and external auditors.
- Excellent communication and interpersonal skills: Oral, written and listening.
- Strong analytical and problem-solving abilities.
- Ability to work independently and collaboratively in a cross-functional environment.
- Relevant IT certification (e.g., CISSP, CISM, CISA, CRISC) other relevant certifications are preferred.
- Problem management / resolution skills; project management skills; generally accepted security principles.
- Ability to analyze data, resources, and schedules to make decisions that affect a project on a regular basis.
- This position is subject to U.S. export control laws and regulations, including ITAR. Employment is contingent upon the applicant's ability to qualify as a ‘U.S. person’ under 22 C.F.R. § 120.62. A ‘U.S. person’ includes U.S. citizens, lawful permanent residents, refugees, and asylees.
Responsibilities
- Provide GRC guidance and interpretation of rules, regulations, risks, and best practices.
- Execute cybersecurity risk assessment and control attestation processes, including ongoing and annual assessments.
- Collaborate with Internal and External Auditors on security assessments and audits.
- Review control effectiveness evidence, collect, review, and upload evidence for compliance purposes.
- Document emerging and residual risk, assist in risk analysis and evaluation, and identify potential areas of risk.
- Engage with internal teams and consultants to ensure adherence to processes and troubleshoot, identify, analyze, and mitigate risks in existing processes, policies, and procedures.
- Lead the information security compliance program, ensuring compliance with regulations, and develop and implement effective policies and practices to secure sensitive data.
- Communicate operational metrics and trend analysis for IT Leadership, and collaborate with cross-functional teams to align GRC efforts with business objectives.
- Stay up to date on regulatory developments and industry trends.
- Expected to travel up to 10% each year.
- Perform other duties as assigned.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Education Level
No Education Listed
