Information Security Governance, Risk, and Compliance (GRC) Manager
Lisle, IL, US, 60532
CTS Corporation
CTS is a $550 million corporation that employs 3,500+ dedicated people. CTS designs and manufactures electronic components, actuators, and sensors to OEMs in the automotive, communications, medical, defense and aerospace, industrial, and computer markets. The company manufactures products in North America, Europe, and Asia. Founded in 1896 as Chicago Telephone Supply, CTS is headquartered in Lisle, IL.
Job/Position Summary
The Information Security Governance, Risk, and Compliance (GRC) Manager at CTS plays a crucial role in developing and maintaining CTS’s information security framework and cybersecurity posture. The GRC Manager assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
This position is based at our corporate headquarters in Lisle, IL. It requires occasional travel to other company sites.
Major Areas of Responsibility
- Cyber Risk Assessments: Conducting thorough assessments to identify and evaluate potential cybersecurity risks.
- Policy Development: Creating and enforcing cybersecurity policies and standards to ensure compliance with industry regulations and best practices.
- Risk Mitigation: Implementing strategies to mitigate identified risks and protect the organization’s assets.
- Compliance Management: Ensuring the organization adheres to relevant security standards and regulations such as NIST, ISO 27001, CMMC/DFARS and GDPR.
- Audit and Compliance Activities: Managing internal and external audits, participating in customer audits, tracking remediation efforts, and ensuring continuous compliance.
- Vendor Risk Management: Conducting due diligence and risk assessments for third-party vendors to ensure they meet the organization’s security requirements.
- User Awareness Training: Overseeing and developing training programs to educate employees on cybersecurity best practices and compliance requirements.
- Collaboration: Working closely with internal teams, including legal, IT, and data privacy, to align cybersecurity efforts with organizational goals.
This role requires a strong understanding of cybersecurity frameworks, excellent communication skills, and the ability to manage multiple projects simultaneously. Certifications like CGRC (Certified in Governance, Risk, and Compliance) can be beneficial.
Required Knowledge, Skills and Abilities
- Strong understanding of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, TISAX).
- Experience in creating, managing, and maturing an Information Security Management System (ISMS).
- Information security auditing and compliance experience.
- Proficiency in risk assessment and management tools.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills to effectively interact with stakeholders at all levels.
- Ability to manage multiple projects and prioritize tasks efficiently.
- In-depth knowledge of data privacy laws and regulations such as GDPR, CCPA, and others.
Required Education and Experience
- Bachelor's degree in computer science, information technology, cybersecurity, or a related field, or equivalent experience.
- 5-7 years of experience in cybersecurity, risk management, or compliance roles.
- Experience in managing GRC programs and leading teams is highly valued.
- Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), are required.
- Additional certifications like Certified in Governance, Risk and Compliance (CGRC) can be beneficial.
- Experience working with global teams in the manufacturing and/or defense industries is preferred.
United States EEO Statement
CTS Corporation is an affirmative action/equal opportunity employer who complies with all applicable federal, state and local employment laws. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at CTS Corporation will be based on merit, qualifications, and abilities. It has been and shall continue to be both the official policy and the commitment of CTS Corporation to further equal employment opportunities for all persons regardless of, among other characteristics, race, religion, color, national origin, sex, sexual orientation, gender identity, age, genetic information, status as a protected veteran or status as a qualified individual with a disability, or any other characteristics protected by applicable Federal, State or Local law.
We fully comply with all applicable Department of Labor and EEOC rules, regulations, guidelines, and orders including but not limited to Executive Order 11246 and 41 C.F.R. §§ 60-1.4, 60-250.5(a), 60-300.5(a) and 60-741.5(a). The parties hereby incorporate the requirements of 41 C.F.R. §§ 60-1.4(a)(7), 29 C.F.R. Part 471, Appendix A to Subpart A, 41 C.F.R. § 60-300.5(a) and 41 C.F.R. § 60-741.5(a), if applicable. Except where prohibited by law, all offers of employment are contingent upon successfully passing a background check and drug screening.
ADA accommodation statement: If you require reasonable accommodation in the application process, call Human Resources at 630.577.8811. All other applications must be submitted online.
United States Additional Considerations
It is unlawful in all states where the Company operates, including Massachusetts, to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates applicable laws may be subject to criminal penalties and civil liability. The Company does not require a lie detector test as a condition of employment nor continued employment.
Applicants must have valid work authorization that does not now, and will not in the future, require sponsorship of a visa for employment authorization in the United States.
No agencies, please. We do not accept any unsolicited resumes and are not looking to engage an agency. We receive inquiries from agencies daily. Do not direct any inquiries or emails to hiring managers. It is not our standard practice to utilize agencies; we are a federal contractor and need to comply with the same process for all.
Global Privacy Policy
CTS’ Privacy Policy: https://www.ctscorp.com/privacy-policy/
Perks/benefits: Career development