Manager, IT Governance, Risk & Compliance

Overview

Remote
On Site
USD 120,000.00 - 180,000.00 per year
Full Time

Skills

IT Governance
Mentorship
Process Management
Roadmaps
Information Governance
Innovation
Operational Efficiency
Reporting
Leadership
Incident Management
Documentation
Disaster Recovery
Business Continuity Planning
Regulatory Compliance
Management
Cyber Security
Information Technology
FOCUS
Risk Management
Auditing
Manufacturing
Security Controls
Distributed File System
Sarbanes-Oxley
SAP GRC
Cloud Computing
Microsoft Azure
Amazon Web Services
Communication
Computer Science
Information Assurance
CISSP
CISM
CISA
ISACA
Screening
Law
Recruiting

Job Details

The Marmon Group LLC

As a part of the global industrial organization Marmon Holdings, which is backed by Berkshire Hathaway, you'll be doing things that matter, leading at every level, and winning a better way. We're committed to making a positive impact on the world, providing you with diverse learning and working opportunities, and fostering a culture where everyone's empowered to be their best.

The Manager of IT Governance, Risk, and Compliance (GRC) will be a hands-on leader responsible for managing, implementing, and maturing Marmon's enterprise-wide security GRC program. This role will directly manage the GRC program at the group level and be expected to mentor, lead, and motivate others across Marmon's business groups to foster a strong, unified security culture. This role is for a "builder" who can execute strategy, enhance existing processes, and implement new controls to elevate the company's security posture. As a key member of the security team, this highly visible role requires a leader who can translate security strategy and complex regulatory requirements into actionable, day-to-day operations while working closely with the CISO to manage the GRC function and ensure information assets are protected.

WHAT YOU'LL DO:
  • Manage, maintain, and enhance Marmon's IT and security GRC program, focusing on policy improvements, process implementation, and process maturation
  • Develop, implement, and manage a group-wide risk management process to identify, track, and report on key security risks
  • Oversee the end-to-end lifecycle of audit findings, from solution identification through remediation, ensuring timely closure and risk reduction
  • Execute the compliance roadmap to achieve and maintain certifications and attestations for key standards, including NIST CSF, CMMC, NY-DFS, and CIS Implementation Group 1 (IG1)
  • Act as a GRC subject matter expert to guide and assist technical teams in identifying and implementing solutions to mitigate their most acute risks
  • Manage security-related audits and external assessments, serving as a primary point of contact for auditors
  • Develop, document, and enforce security policies and controls that balance risk mitigation with business innovation and operational efficiency
  • Maintain strong oversight for third-party and vendor risk management to safeguard against risks from external entities
  • Define, track, and report key metrics to measure the effectiveness of the security program to security leadership
  • Act as a key participant in the incident response process, ensuring strict documentation, tracking, and resolution
  • Support disaster recovery and business continuity planning as they relate to security frameworks and compliance
  • Openly support the CISO and the management team to drive the security strategy forward


WHAT YOU'LL BRING TO THE ROLE:
  • Minimum of 7 years of experience in cybersecurity or information technology, with a strong focus on GRC, risk management, or audit, ideally in the manufacturing sector
  • Demonstrated experience implementing or significantly maturing a GRC program or function
  • Strong knowledge of security control frameworks and a deep understanding of regulatory requirements such as NIST CSF, CMMC, NY-DFS, CIS Controls, SOX, and GDPR
  • Proven experience leading projects and delivering on GRC initiatives under tight deadlines
  • Experience with cloud environments (e.g., Microsoft Azure, AWS) is highly preferred
  • Excellent written and verbal communication skills, with the ability to translate security and risk concepts to various levels of the business
  • A track record of acting with integrity, taking pride in your work, and fostering a positive security culture

Education and Certifications
  • Bachelor's degree in Computer Science, Information Assurance, a related field, or equivalent work experience
  • Professional certifications such as CISSP, CISM, CISA, or CRISC are highly preferred and will be prioritized

Pay Range:
USD 120,000.00 - 180,000.00 per year

We offer a comprehensive benefits package that may include medical, dental, vision, 401k matching, and more!

Following receipt of a conditional offer of employment, candidates will be required to complete additional job-related screening processes as permitted or required by applicable law.

We are an equal opportunity employer, and all applicants will be considered for employment without attention to their membership in any protected class. If you require any reasonable accommodation to complete your application or any part of the recruiting process, please email your request to , and please be sure to include the title and the location of the position for which you are applying.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.