Cyber GRC Analyst

Pleasanton (CPC), CA, United States

The Clorox Company

The Clorox Company champions people to be well and thrive every single day. Get company news, learn what’s in our products and search job opportunities.


Clorox is the place that’s committed to growth – for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team. #CloroxIsThePlace

Your role at Clorox:

We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Analyst to join our team. Reporting to the Cyber GRC Product Owner, this position plays a crucial role in supporting and enhancing our company's cybersecurity program. You will focus on driving improvements in cyber risk management related to sensitive data, systems, third-party vendors, and cloud environments. Additionally, you will be responsible for developing, implementing, and managing our organization's security awareness program.

In this role, you will work with cross-functional business units as a trusted security advisor to address cyber risks, ensure compliance with security policies and standards, relevant regulatory requirements, and cybersecurity controls. You will advise business and technology leaders to ensure informed risk management decisions are made. Your ability to understand cyber risks and technologies and effectively communicate them to the business is essential. You will also educate employees on best practices to protect company assets, data, and systems from threats. Collaborating with various departments, you will tailor security training and awareness initiatives that are relevant, engaging, and effective. The ideal candidate is deadline-driven, detail-oriented, an excellent communicator, with in-depth knowledge of the cybersecurity industry and cyber risk management best practices, and has a track record of effectively communicating complex and technical information both written and verbally.

In this role, you will:

  • Assess cyber risks related to vendors, systems and services associated with technology and operational projects.
  • Support day-to-day operations by identifying potential areas of cybersecurity compliance risks and ensuring appropriate escalation and coordination of effective corrective actions.
  • Collaborate with various technical and non-technical teams to evaluate the effectiveness of security controls, identify and categorize risks, provide improvement recommendations, and communicate outcomes of those activities.
  • Assist in process improvement initiatives and the development/implementation of team metrics.
  • Educate teams across the organization on cyber risk and governance methodologies for maintaining a secure enterprise and meeting regulatory compliance requirements.
  • Facilitate the development of security policies and standards. Collaborate with internal subject matter experts to ensure policies are up to date.
  • Lead interactions with Internal Audit, manage relevant regulatory requirements, assist in developing management responses, and track and monitor remediation progress until closure.
  • Challenge the first line of defense, validate the required assessments and attestations (PCI, SOX, GDPR, CCPA), report on compliance internally, and provide guidance on compliance as necessary.
  • Provide oversight of identifying, classifying, remediating, and mitigating vulnerabilities and the policy exception request process.
  • Communicate emerging issues, potential risks, and audit results to key stakeholders, assist in the review, and formulate responses to issues and findings from all sources.
  • Develop metrics and reports that provide management visibility into the current cyber risk and compliance posture and trends.
  • Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with security policies and best practices.
  • Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure, and applications.
  • Build relationships with senior leaders to accelerate the adoption of compliance and security initiatives.
  • Design and execute a comprehensive security awareness strategy tailored to the organization's needs.
  • Create and maintain engaging content for security awareness campaigns, including newsletters, webinars, workshops, and e-learning modules.
  • Collaborate with internal stakeholders to ensure that security awareness training aligns with business goals and addresses specific risks.
  • Conduct regular training sessions and workshops for employees at all levels to promote awareness of security policies, procedures, and best practices.
  • Develop customized training materials for various departments, roles, and teams to address specific security risks and compliance requirements.
  • Stay updated on the latest cybersecurity threats and trends to continually improve training materials and methods.
  • Monitor the effectiveness of security awareness programs through surveys, assessments, and metrics.
  • Report on key performance indicators (KPIs) related to the security awareness program to management and stakeholders.
  • Identify areas for improvement in security awareness initiatives based on feedback and monitoring results.
  • Ensure that all security awareness activities comply with relevant laws, regulations, and industry standards.
  • Collaborate with the legal and compliance teams to integrate security awareness into the organization’s overall compliance framework.

What we look for:

  • 5+ years of experience in governance, risk and compliance management
  • Experience with cybersecurity risk frameworks (NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3) and global privacy regulations (e.g., CCPA, GDPR)
  • Cybersecurity risk management function including third party cyber risk
  • Cybersecurity controls management
  • Controls testing and automation
  • Governance risk and compliance management
  • Experience in drafting security policies and standards
  • Proficient in using e-learning platforms, training tools, and content creation software
  • Analytical skills to measure the effectiveness of training programs and identify areas for improvement
  • Ability to work independently and manage multiple projects simultaneously
  • Experience using or supporting the ServiceNow Integrated Risk Management module (or a related GRC platform)
  • Cyber risk certifications (CISA, CISM, CRISC, CISSP) are preferred
  • Excellent communication and presentation skills, with the ability to convey complex security concepts to a non-technical audience

#LI-HYBRID

Workplace type:

Hybrid: 3 days in office, 2 days WFH

We seek out and celebrate diverse backgrounds and experiences. We’re looking for fresh perspectives, a desire to bring your best, and a non-stop drive to keep growing and learning.

At Clorox, we have a Culture of Inclusion. We believe our values-based culture connects to our purpose and helps our people be the best versions of themselves, professionally and personally. This means building a workplace where every person can feel respected, valued, and fully able to participate in our Clorox community. Learn more about our I&D program & initiatives here.

Additional Information (U.S.):

At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.

We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges. We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance. Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location. The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.

  • Zone A: $88,700 - $165,900
  • Zone B: $81,300 - $152,100
  • Zone C: $73,900 - $138,300

All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process.

This job is also eligible for participation in Clorox’s incentive plans, subject to the terms of the applicable plan documents and policies.

Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.

To all recruitment agencies: Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team. Clorox is not responsible for any fees related to unsolicited resumes.

Region: North America
Country: United States
