215 grc lead jobs at 166 companies in United States
1mo
Save
Mark Applied
Hide
1mo
GRC Lead
San Francisco, California, United States
HybridFull Time
Brain Co.: Builds AI software platforms for governments and large enterprises.
8+ YOE8+ years building and running GRC programs in regulated environments; hands-on with SOC 2 Type II, HIPAA, ISO 27001, NIST 800-171, FedRAMP/GovRAMP, GLBA.
Brex: Corporate cards and spend management software for businesses.
5+ YOE5+ years in GRC/IT governance or security engineering; deep SOC 2, PCI DSS, ISO 27001, NIST CSF; Python and API integrations; automation and scalable security metrics.
Pallet: Automating logistics and supply chain workflows using AI agents.
7+ YOE7+ years GRC/security compliance experience; ownership of SOC 1/SOC 2 Type II cycles, GDPR/CCPA privacy, vendor risk; technical familiarity with AWS/GCP and compliance automation; certifications (CISA, CISSP, ISO 27001 LA) a plus.
SalesforceNYSE: CRM: Sells cloud-based customer relationship management and business software solutions.
3+ YOE3-5+ years FedRAMP and software security governance; project/program management; experience with GovCloud, and certifications like CISSP/CISA/CISM.
Morgan & Morgan: Provides legal representation for personal injury and consumer litigation.
4+ YOE4+ years in GRC/IT audit/compliance/information security; hands-on GRC platform experience (Vanta preferred); strong knowledge of ISO 27001, NIST CSF, CIS v8.1; ISC2 or ISACA certification required; experience leading audits and vendor risk assessments.
Westfield: Provides property, casualty, and specialty insurance and surety solutions.
7+ YOE7+ years in IT GRC, information security, or IT audit; Bachelor's in IT/cybersecurity or related; CISSP/CISA/CRISC/CISM/CGEIT preferred; subject-matter expertise in IT governance, controls, risk assessment, and compliance; must be authorized to work in the U.S. without sponsorship.
Rokt: Provides AI-driven personalization for ecommerce transaction checkouts.
4+ YOE4+ years GRC/audit experience in tech, working knowledge of ISO/SOC/NIST/privacy frameworks, hands-on audit experience, experience designing agentic AI systems, familiarity with cloud (AWS), APIs, SQL, Git, and basic scripting (Python/TypeScript).
Claude Code, Cursor, Copilot, Google ADK, LangGraph, OpenAI Agents SDK, MCP, OWASP Agentic Top 10, NIST AI RMF, ISO 27001, SOC 1, SOC 2, NIST CSF, GDPR, CCPA, CPRA, PCI-DSS, CIS, SCF, ISO 42001, AWS, APIs, SQL, Git, GitHub, Python, TypeScript, Jira
Northern TrustNASDAQ: NTRS: Financial services for individuals, families, and global institutions.
7+ YOE7+ years in cybersecurity with focus on assurance or audit; strong knowledge of cyber regulations and risk frameworks; CISSP/CISM/CRISC or similar; excellent communication and stakeholder management.
Energy TransferNYSE: ET: Operates energy infrastructure including pipelines, storage, and terminals.
Bachelor's or equivalent and 8+ years SAP security/GRC experience including S4/Fiori, GRC Access Control, SOX/internal controls, 2 full lifecycle SAP projects, audit remediation, and mentoring skills.
Senior Lead, SAP Security, GRC & Compliance- - PVH Corp.
Bridgewater, New Jersey, United States
$105k-$141k/yrHybridFull Time
PVHNYSE: PVH: Designs and markets global apparel and lifestyle brands.
8+ YOEBachelor's in Computer Science, Accounting or related; 8+ years SAP Security and GRC experience; expertise with SAP roles/authorization, GRC modules, SoD analysis, compliance (SOX/GDPR/HIPAA/NIST); strong communication and problem-solving.
S/4HANA, EWM, FMS CAR, Fiori, BW, ECC, SAP GRC Access Control, SAP GRC Process Control, SAP GRC Risk Management, SU24, PFCG, SAP RISE
SHEIN: Global online retailer selling affordable fashion and lifestyle products.
7+ YOE7+ years in information security risk management; bachelor’s degree; CISSP/CISM/CISA or ISO 27001 Lead Auditor desirable; strong standards knowledge; team leadership experience.
Lead, Information Risk and GRC (Miramar, FL, US, 33132)
Miramar, Florida, United States
OnsiteFull Time
Royal Caribbean GroupNew York Stock Exchange: RCL: Operates a global fleet of cruise ships.
5+ YOE5+ MgmtResponsible for leading third‑party risk and GRC programs; requires 5+ years in information security/IT/risk/audit, 5+ years managing projects/teams, info security certification (e.g., CISSP, CISM), GRC platform experience.
ServiceNow GRC, RSA Archer, MetricStream, NIST CSF, ISO 27001
Denver or São Paulo or Colombia or Argentina or United States or Brazil or Costa Rica
RemoteContract
AspenView: Provides nearshore software engineering and digital transformation services.
12+ YOE5+ Mgmt12+ years in cybersecurity with 5+ years leading enterprise GRC; CISSP or CISM required, CRISC or CGEIT preferred; expertise in NIST, ISO, SOX, GDPR, CMMC; executive advisory and team leadership skills.
NIST CSF, NIST RMF, ISO 27001, ISO 31000, SOX, GDPR, CMMC
Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics
Raritan or West Chester or Palm Beach Gardens or Warsaw or Raynham
$178k-$307k/yrHybridFull Time
Johnson & JohnsonNYSE: JNJ: Provides pharmaceutical products and medical technology healthcare solutions.
12+ YOE12+ years cybersecurity/GRC experience, bachelor\u0002s required (master\u0002s preferred), proven experience building enterprise GRC, SOX/IT controls, audit readiness, and leading cybersecurity teams; travel up to 20%.
Ultra Clean HoldingsNASDAQ: UCTT: Provides critical subsystems and cleaning services for semiconductor manufacturing.
3+ YOE3+ years in IT governance, risk, compliance, audit, or related field; bachelor's degree or equivalent experience; professional certifications (CRISC, CISA, CISM, CISSP) preferred; experience with control testing, risk registers, third-party risk, and audit readiness.
Tech MahindraNational Stock Exchange of India: TECHM: Global provider of information technology and business process services.
6+ YOEBachelor's degree required; 6+ years experience in SOX/ITGC with expertise in control design, operating effectiveness, deficiency management, evidence validation, audit support, and remediation advisory.