Information Security GRC Director
Lensa
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
Information Security GRC Director at Procter & Gamble
Lensa promotes jobs on behalf of its direct clients. This job is for Procter & Gamble, a company where business, innovation, and technology integrate to build a competitive advantage. Our IT professionals are diverse business leaders applying IT expertise to deliver innovative, tech-focused business models and capabilities for our 65 iconic, trusted brands.
From Day 1, you’ll be trusted to dive right in, take the lead, use your initiative, and build billion-dollar brands that help make everyday activities easier and make the world a better place! Our company offers purposeful work that will take your career places you never envisioned, in creative workspaces where innovation thrives and where your technical expertise is recognized and rewarded.
The Opportunity
Procter & Gamble is seeking an Information Security GRC Director passionate about safeguarding data, enabling business through smart risk management, and shaping the future of cybersecurity. The IT Governance, Risk, and Compliance (GRC) Organization at Procter & Gamble is responsible for risk identification, assessment, and remediation across the IT landscape, as well as driving automated governance and compliance breakthroughs. As the GRC expert, you’ll play a critical role in maturing and maintaining the security risk and compliance posture of our organization. You will lead initiatives that align our security program with business goals, ensure regulatory and policy compliance, and creatively solve problems to manage risk for the company.
Responsibilities
- Governance: Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS). Establish and track metrics to measure policy adherence and program maturity. Drive internal alignment on security roles, responsibilities, and expectations.
- Risk Management: Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting. Conduct security risk assessments for internal systems, projects, vendors, and business processes. Facilitate risk-based decision-making at all levels of the organization.
- Compliance: Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX). Maintain a library of evidence and documentation to support audit and regulatory needs. Monitor the effectiveness of IT controls and identify gaps in compliance. Analyze control measurements for negative trends and reoccurrence frequency. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation.
- Awareness & Enablement: Contribute to the continuous improvement of the risk and compliance mindset across P&G. Build IT risk awareness by providing support and training to others. Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams. Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes.
Estimated Percent of Time Spent on Work
- 25% - Risk identification, analysis, and assessment
- 40% - Plan and drive enterprise-wide initiatives to reduce risk and improve compliance across the organization
- 25% - Assess and improve the effectiveness of IT controls and compliance across the enterprise
- 10% - Collaboration with internal/external auditors, driving a risk-aware compliance mindset
Required Job Qualifications
- Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field.
- Prior hands-on experience working in a security-focused role, such as Information Security Analyst, SOC Analyst, Security Engineer, etc.
- 8+ years of experience in Governance, Risk, and Compliance with a focus on Information Security.
- In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
- Experience conducting risk assessments, audits, and control testing.
- Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA, SOX, PCI DSS).
- Proven ability to write policies, manage documentation, and communicate clearly to both technical and non-technical stakeholders.
- Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams.
- The ability to work independently, collaborate, and learn quickly.
- English fluency (speak, write, and read).
Preferred Skills
- Certified in CISSP, ISACA CRISC, CGEIT, CISA, or similar.
Key skills/competency
- Information Security
- Governance, Risk, Compliance (GRC)
- NIST CSF
- ISO 27001
- Risk Assessment
- Regulatory Compliance
- Policy Development
- Audit Management
- Control Testing
- Cybersecurity
How to Get Hired at Lensa
- Research P&G's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, focusing on innovation and global impact.
- Tailor your resume: Highlight extensive experience in GRC, information security, risk management, and regulatory compliance expertise relevant to P&G.
- Showcase leadership skills: Emphasize past achievements in driving security initiatives, cross-functional collaboration, and influencing stakeholders effectively.
- Prepare for GRC-specific questions: Demonstrate in-depth knowledge of major security frameworks like NIST CSF, ISO 27001, and key regulations (GDPR, HIPAA, SOX).
- Network strategically: Connect with IT and GRC professionals at Procter & Gamble on LinkedIn to gain insights and express genuine interest in the company.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background