Cybersecurity Governance, Risk & Compliance (GRC) Lead

The Cybersecurity Governance, Risk & Compliance (GRC) Lead role at Clorox involves supporting and continuously improving the company’s cybersecurity program, driving risk-informed decision making, and ensuring compliance with internal security policies and regulatory requirements.

Requirements

• 6+ years of experience performing cybersecurity risk assessments and applying risk management methodologies
• 6+ years of tracking, monitoring, and reporting cyber risk to management
• 6+ years of cybersecurity governance, risk, and compliance experience
• Demonstrated experience in third-party cyber risk management, including vendor risk assessments, remediation tracking, and stakeholder coordination
• Experience managing a team of offshore managed service providers
• Experience managing vendor risk across SaaS, cloud, data processors, and managed service providers
• Strong knowledge of cybersecurity controls management, controls testing, and automation
• Hands-on experience with cybersecurity and privacy frameworks (e.g., NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3, SOX, GDPR, CCPA)
• Experience with AI/ML risk management frameworks (e.g., NIST AI RMF, ISO/IEC 42001) and understanding of AI-specific threat vectors
• Experience drafting and maintaining cybersecurity policies and standards
• Experience using ServiceNow Integrated Risk Management or a comparable GRC platform
• Ability to influence without authority and communicate complex risk topics clearly to diverse audiences
• Cyber risk or audit certifications (CISA, CISM, CRISC, CISSP) are a plus

Benefits

• Robust health plans
• Market-leading 401(k) program with a company match
• Flexible time off benefits
• Inclusive fertility/adoption benefits