Cybersecurity GRC Program Manager


Danbury
Permanent
USD150000 - USD175000
Cybersecurity
PR/578994_1770668558
Job Description: IT/OT Governance, Risk & Compliance (GRC) Program Manager

Location: Danbury, Connecticut - Hybrid (3 days onsite / 2 days remote)
Role Type: Full‑time

Overview

Our client is an industrial technology provider seeking an experienced IT/OT Governance, Risk & Compliance (GRC) Program Manager to lead organizational security governance across both traditional IT environments and operational technology (OT) systems. This role serves as a bridge between regulatory frameworks and practical engineering implementation, ensuring that security standards are defined, adopted, and continuously validated.

The ideal candidate combines strategic program leadership with hands‑on execution: driving compliance initiatives, partnering with engineering teams, and maintaining a consistent audit‑ready posture.


Key Responsibilities

Security Governance & Framework Alignment

  • Lead the development, maintenance, and execution of IT and OT security frameworks (e.g., NIST CSF, IEC 62443).
  • Define ownership and accountability for control implementation across teams.
  • Assess capability gaps and recommend staffing, training, or process improvements.

Product & Engineering Partnership

  • Integrate secure‑by‑design principles into the engineering lifecycle.
  • Ensure products and systems align with relevant regulatory expectations and internal security requirements.

Compliance Baseline Development

  • Create and maintain enterprise security standards, technical baselines, and control requirements.
  • Validate alignment through on‑site reviews, documentation assessments, and independent verification activities.

Corrective Action & Risk Management

  • Govern the tracking and remediation of audit findings, exceptions, risk acceptances, and deviations.
  • Drive timely resolution of issues and escalate blockers when appropriate.
  • Maintain a centralized risk register and guide risk identification, evaluation, and prioritization.

Operationalization of Compliance

  • Translate regulatory requirements into practical operational procedures.
  • Collaborate directly with engineers and system owners to configure, deploy, and validate controls across IT and OT environments.

Audit Preparation & Assurance Testing

  • Serve as the primary point of contact for internal and external audits.
  • Maintain a continuous audit‑ready environment through curated evidence and control documentation.
  • Conduct internal control assessments, mock audits, and site-level walkthroughs.

Third‑Party Risk Management

  • Evaluate supplier and vendor security posture.
  • Enforce remediation actions or risk acceptance decisions before contract execution.

Security Reporting & Metrics

  • Transform technical findings into clear business‑level insights.
  • Provide leadership with validated reporting on risk reduction, compliance posture, and program health.

GRC Platform Administration

  • Oversee configuration, workflows, automation, and evidence collection processes within GRC software tools.

Awareness & Training

  • Develop and deliver role‑specific cybersecurity training to engineering, operations, and technical teams.

OT Environment Governance

  • Collaborate with OT and engineering teams to maintain accurate asset inventories.
  • Support network segmentation, zoning (zones and conduits in the IEC 62443 sense), and architecture decisions aligned with OT security best practices.

Incident Response Collaboration

  • Incorporate lessons learned from security incidents into program updates, policies, and control enhancements.

Qualifications

Education

  • Bachelor's degree in Information Technology, Cybersecurity, Engineering, or related field (or equivalent experience).

Certifications (Preferred)

  • CISA, CISM, CRISC
  • CGRC or comparable governance/risk certification
  • IEC/ISA 62443 training or credentials

Experience

  • 7+ years in IT/OT GRC, cybersecurity governance, compliance, audit, or similar roles.
  • Demonstrated experience with:
    • Designing and operationalizing governance programs
    • Mapping and implementing controls aligned to NIST CSF and/or IEC 62443
    • Managing change control, exceptions, and compensating controls
    • Cross-functional stakeholder engagement and conflict resolution
    • Evidence management, documentation rigor, and audit readiness
    • Program and project management, KPIs, and continuous improvement initiatives

Working Conditions

  • Hybrid work schedule.
  • Ability to work in office, technical, and industrial environments as required.
  • Ability to sit or stand for extended periods; may require occasional lifting up to 25 lbs.
  • Occasional travel (up to ~10%).
  • Ability to wear applicable PPE in operational areas.
