1 day ago

Cybersecurity GRC Manager (Defense)

Work format
onsite
Employment type
fulltime
Grade
lead
English
b2
Country
US

Job description

TL;DR

Cybersecurity GRC Manager (GRC/Cybersecurity): Developing and governing information security policies and ensuring compliance with regulatory standards like CMMC and SOX, with an emphasis on risk management and audit readiness. Focus on performing IT security risk assessments, managing audit remediations, and leading a team of GRC analysts to ensure corporate governance.

Location: Onsite in Pittsburgh, PA, US. Must be a U.S. Person as defined under ITAR.

Company

Excelitas is a global technology leader providing photonic innovation and market-driven solutions for the biomedical, semiconductor, industrial, defense, and aerospace sectors.

What you will do

  • Develop, maintain, and govern information security policies, standards, and procedures aligned with regulatory and customer requirements.
  • Manage compliance with CMMC Level 2, SOX, and other regulatory security requirements.
  • Conduct IT security risk assessments and maintain the enterprise IT security risk register.
  • Serve as the primary point of contact for internal and external audits, coordinating evidence collection and control testing.
  • Manage and develop the day-to-day activities, performance, and professional growth of GRC analysts.
  • Mature the Third-Party Risk Management (TPRM) program and deliver security awareness training.

Requirements

  • 5+ years of progressive experience in IT Security Governance, Risk & Compliance (GRC).
  • Strong working knowledge of CMMC, NIST SP 800-171, SOX ITGCs, and TPRM frameworks.
  • Experience supporting internal and external audits, including evidence preparation and remediation of findings.
  • U.S. Person status as defined under ITAR (22 CFR §120.62) is required.
  • Strong analytical, documentation, and communication skills with the ability to manage multiple workstreams.

Nice to have

  • Experience in defense, aerospace, or public company environments.
  • Familiarity with ISO/IEC 27001/27002, NIST CSF, COSO, or COBIT.
  • Experience with GRC tools such as AuditBoard, Archer, or ZenGRC.
  • Knowledge of CUI and export control requirements (ITAR, EAR, DFARS).
  • Professional certifications such as CISA, CISM, CRISC, or CISSP.

Culture & Benefits

  • Work with a global technology leader in cutting-edge photonic innovation.
  • Opportunity to drive corporate governance in a highly regulated environment.
  • Equal Opportunity/Affirmative Action Employer.
