Cybersecurity GRC Product Owner (Associate Director)

Cybersecurity GRC Product Owner (Associate Director) page is loaded## Cybersecurity GRC Product Owner (Associate Director)locations: Pleasanton, CA - USAtime type: Full timeposted on: Posted Todayjob requisition id: 20903Clorox is the place that’s committed to growth – for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team.**Your role at Clorox:**We are seeking an experienced leader to spearhead our enterprise Cybersecurity Governance, Risk, and Compliance (GRC) program. This role encompasses cyber risk management, governance, compliance, Third Party Vendor Risk Management, and Human Risk Management. As a leader, you will be accountable for identifying, evaluating, reporting, and managing information security risks to meet compliance and regulatory requirements, while building business confidence in our cybersecurity program. Success in this role requires proactive collaboration with cross-functional stakeholder teams across the enterprise to ensure alignment and application of practices that support business goals and meet defined policies and standards for information security. As a strategic thinker, you will navigate the complex landscape of regulatory requirements, privacy concerns, and evolving security threats. You will define product roadmaps, prioritize features, and manage your product team to uphold the organization’s cybersecurity standards and governance. Collaboration with key stakeholders across the organization is crucial to ensure the maintenance and continuous evolution of the GRC environment, ensuring sensitive data is appropriately managed and risk processes are aligned with our enterprise strategic objectives**In this role, you will:****Governance*** Develop and maintain the security governance framework, policies, and procedures aligned with industry standards and best practices.* Ensure that the organization adheres to established governance guidelines.* Ensure AI capabilities are governed, secure, explainable, compliant, and human‑accountable, while delivering measurable risk and efficiency outcomes without increasing regulatory or data exposure.* Collaborate with the business, IT Infrastructure and Applications leaders to implement and enforce standards and control objectives throughout the organization.**Risk Management*** Identify, assess, and prioritize security risks related to assets, systems, and data.* Define security improvements to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives.* Implement risk mitigation strategies and controls to minimize exposure to threats and vulnerabilities.* Conduct regular security risk assessments and provide recommendations for remediation actions.* Evaluate and manage security risks associated with third-party vendors and service providers.* Overseeing audits, penetration tests, and forensic investigations, ensuring that findings are comprehensively understood and effectively remediated.**Compliance*** Establish and maintain an effective compliance framework aligned with applicable laws, regulations, and global industry standards.* Ensure compliance with regulatory mandates and reporting requirements.* Oversee internal and external audits, addressing findings and implementing corrective actions.* Enforce standards of multiple security frameworks, including SOX, PCI, and Global Privacy regulations (e.g., CCPA, GDPR)* Ensure AI capabilities meet regulatory and compliance expectations by understanding applicable AI, privacy, and sector‑specific regulations (e.g., EU AI Act) and mapping AI use cases to established control frameworks (SOX, ISO 27001, SOC 2, NIST, and privacy requirements)**Training and Awareness*** Drive strategy for the Human Risk Management Program* Lead educational initiatives to promote a culture of risk awareness and compliance among employees and third parties.* Address the unique threats and risks specific to the organization’s business and technological environment.**Stakeholder Engagement*** Collaborate with executive leadership and internal stakeholders to align security initiatives with business objectives.* Serve as the main liaison for business units and functions, ensuring cybersecurity risks are effectively identified, assessed, and managed.* Engage with external stakeholders, including regulators, partners, and vendors, on GRC matters.**Leadership and Management*** Build and nurture a high-performing team, fostering professional growth and ensuring the team is equipped to meet organizational goals.* Develop and maintain a comprehensive cybersecurity architecture and roadmap in alignment with GRC/Privacy organizational standards.* Keep abreast of the latest cybersecurity trends, threat landscapes, and technologies, recommending and implementing appropriate strategies and solutions.* Foster a culture of continuous improvement and innovation within the product team, constantly seeking opportunities for enhancement and optimization.* Define the overall product roadmap and collaborate with teams to develop and execute a backlog that aligns with group priorities.**What we look for:*** 10 plus years of experience as a product owner or in a similar role within Cybersecurity GRC and Privacy.* Experience leading enterprise AI Security & Governance program, defining key cybersecurity controls for AI/ML systems and partnering with Security Engineering, Privacy, and Legal to ensure responsible, secure AI adoption.* Experience directing and developing high‑performing Cyber GRC function, driving scalable governance processes and enabling secure AI innovation across the organization. (People Management is required)* Relevant industry certifications such as CISSP, CISA, CISM, or CRISC are preferred.* Experience with IT GRC tools (e.g., ServiceNow IRM, OneTrust) and developing successful risk management programs.* Knowledge of security and privacy frameworks and regulations, including ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, and GDPR.* Advanced understanding of information security concepts, including cloud security, compliance, access controls, and disaster recovery.* Proven ability to coordinate cross-functional teams and stakeholders globally to achieve operational goals and deliver technology initiatives.* Track record of mentoring and managing teams of experienced technologists, setting clear priorities to achieve organizational goals.* Hands-on experience in software development with a focus on cybersecurity outcomes and leadership in information security and risk management.* Strategic planning and roadmap development skills to implement strategic plans and manage product roadmaps.* Strong communication and leadership abilities to guide and inspire teams, along with expertise in risk management, privacy, data security, and incident response.#LI-HYBRID**Workplace type:**Hybrid: 3 Days in office; 2 Days WFH**Our values-based culture connects to our purpose and empowers people to be their best, professionally and personally. We serve a diverse consumer base which is why we believe teams that reflect our consumers bring fresh perspectives, drive innovation, and help us stay attuned to the world around us. That’s why we foster an inclusive culture where every person can feel respected, valued, and fully able to participate, and ultimately able to thrive.** **.****(U.S.)Additional Information:**At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a
#J-18808-Ljbffr