GRC Lead (IT/OT)

Key Responsibilities

As the GRC Lead (IT/OT), you will design, implement, and mature governance programs that strengthen cyber resilience across industrial control systems (ICS), OT networks, and corporate IT environments. You will be responsible for aligning the organization with leading security frameworks (e.g., NIST CSF, IEC 62443) and ensuring ongoing compliance with regulatory, security, and audit requirements.

You will partner closely with engineering, security operations, risk, compliance, and technology leadership to embed governance processes, monitor control effectiveness, and steward audit readiness across the enterprise.

Governance, Frameworks & Policy

• Lead the development, maintenance, and communication of IT/OT security policies, standards, and operational procedures.
• Build and mature enterprise control frameworks, including control mapping, compensating controls, and change governance.
• Implement and maintain RACI/RASIC structures for governance clarity and cross‑functional execution.
• Drive continuous improvement, KPI tracking, and governance program design across both IT and OT.

Risk Management & Compliance

• Oversee enterprise risk management, including the risk register, risk acceptance processes, and business‑risk reporting.
• Conduct control self‑assessments, internal assurance testing, and independent verification of control effectiveness.
• Identify and manage non‑compliance gaps, develop remediation plans and CAPA actions, and ensure timely closure.
• Manage and enhance third‑party risk management (TPRM), evaluating vendor security posture and compliance controls.

Audit Readiness & Evidence Management

• Lead mock audits, audit evidence preparation, and SOX / ITGC / ITAC readiness activities.
• Maintain and govern evidence repositories, automate evidence collection through GRC platforms, and manage audit evidence packages.
• Coordinate cross‑functional groups to achieve successful regulatory inspections, external audits, and internal audits.

Technical Integration Across IT & OT

• Collaborate with engineering teams to embed secure‑by‑design principles, threat modeling, and segmentation governance.
• Oversee OT asset inventory, network zoning, conduits, and control architecture alignment with IEC 62443.
• Integrate GRC processes into incident response, root cause analysis, and operational risk reviews.
• Ensure alignment of technical security standards, control requirements, and engineering processes.

Programs, Tools & Stakeholder Engagement

• Manage and optimize GRC software platforms, evidence automation workflows, and compliance metrics reporting.
• Lead security awareness training, role‑based training programs, and cross‑functional education initiatives.
• Facilitate discussions between technical and non‑technical stakeholders; drive conflict resolution and alignment across teams.
• Maintain updated regulatory policy interpretations and guide business units through applicability and compliance requirements.

• 7+ years of experience in GRC, cybersecurity, IT/OT risk, or compliance roles within critical infrastructure or highly regulated industries.
• Strong understanding of NIST CSF, IEC 62443, IT/OT controls, and regulatory standards.
• Experience with audit lifecycle management, evidence governance, ITGC/ITAC/SOX, and assurance testing.
• Technical fluency across IT and OT domains: network segmentation, ICS/SCADA, asset inventories, security controls, threat intelligence, and architectural principles.
• Demonstrated ability to influence senior stakeholders and lead cross‑functional teams.
• Experience with GRC platforms, dashboarding, metrics, and workflow automation.