Information Security - Governance, Risk, and Compliance (GRC) Director

About The Position

Requirements

• Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field.
• 8+ years of experience in Information Security with a focus on Governance, Risk, and Compliance.
• In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
• Experience conducting risk assessments, audits, and control testing.
• Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA, SOX, PCI DSS).
• Proven ability to write policies, manage documentation, and communicate clearly to both technical and non-technical stakeholders.
• Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams.
• The ability to work independently, collaborate, and learn quickly.
• English fluency (speak, write, and read).
• Ability to work onsite in Cincinnati, OH based offices 3 days per week.

Nice To Haves

• Certified in CISSP, ISACA CRISC, CGEIT, CISA, or similar.
• A history of solving compliance problems with creative solutions.

Responsibilities

• Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS).
• Establish and track metrics to measure policy adherence and program maturity.
• Drive internal alignment on security roles, responsibilities, and expectations.
• Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting.
• Conduct security risk assessments for internal systems, projects, vendors, and business processes.
• Facilitate risk-based decision-making at all levels of the organization.
• Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX).
• Maintain a library of evidence and documentation to support audit and regulatory needs.
• Monitor the effectiveness of IT controls and identify gaps in compliance.
• Analyze control measurements for negative trends and reoccurrence frequency.
• Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation.
• Contribute to the continuous improvement of the risk and compliance mindset across P&G.
• Build IT risk awareness by providing support and training to others.
• Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams.
• Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes.

Benefits

• Salary range: $160,000 - $220,000
• Total rewards include salary + bonus (if applicable) + benefits.