Associate Principal - CyberSecurity

Associate Principal - Cyber Security

Job Role:

Onsite GRC Lead<

Location:

Cleveland, OH <
Role Summary<
Seeks an experienced Governance Risk Compliance GRC Lead to serve onsite as the primary cybersecurity governance point of contact This role will oversee the GRC program interface with CISO coordinate with offshore delivery and drive measurable maturity uplift aligned to NIST CSF 20 and other standards<
The lead will ensure governance across all cybersecurity domainspolicy risk assurance and technical trackswhile maintaining strong stakeholder engagement<

Key Responsibilities <
Program Leadership Stakeholder Management<
Act as onsite GRC owner working closely with CISOs team facilitating governance forums risk reviews and executive updates<
Navigate complex stakeholder conversations and maintain trust based relationships with senior leaders<
Framework Alignment Control Governance<
Map Customer policies and controls to NIST CSF 20 define target tiers and evidence expectations<
Maintain control library RACI and attestation processes for audits and compliance<
Risk Management<
Operate the risk register drive prioritization and remediation timelines and escalate material risks<
Third Party Risk Assess vendor risk posture review contracts for compliance obligations and track remediation<
Compliance Management Testing<
Lead internal control testing and preaudit readiness support external audits with complete evidence packs<
Ensure compliance with ISO 27001 SOC 2 GDPR and other regulatory frameworks<
Cybersecurity Tracks Brief Coverage<
Network Security Governance of segmentation firewall rules and monitoring<
Endpoint Vulnerability Management Patching hardening and drift reporting<
Cloud Application Security Compliance for SaaSIaaS and secure SDLC practices<
Data Protection Privacy Encryption retention and regulatory alignment<
Identity Access Management Governance of JML RBAC and privileged access Incident Response Resilience Playbooks tabletop exercises and recovery readiness CISO Dashboards Reporting Develop and publish dashboards for executive visibility on risk posture compliance status and audit readiness Cybersecurity Awareness Training Drive awareness programs and targeted training for control owners and employees to strengthen security culture Operating Model Offshore Coordination Work with offshore teams to plan sprints assign actions and publish governance scorecards Policy Lifecycle Awareness Maintain policy lifecycle and drive awareness among control owners Outcomes KPIs Achieve uplift against Customers NIST CSF 20 baseline by closing gaps in documented processes and evidence Closure of highrisk findings with approved remediation plans Green audit readiness status for scoped audits Timely delivery of CISO dashboards and governance reports<

Required Qualifications < 10-14 years in cybersecurity with 6 years leading GRC programs<
Expertise in NIST CSF 20 ISO 27001 SOC 2 and CIS benchmarks<
Strong stakeholder management and auditassurance experience<
Familiarity with third party risk frameworks and compliance testing<

Preferred Experience <
Certifications such as CISSP CISM CRISC are highly desirable Cleveland - Ohio - USA
12 - 18 Years
10R17-Dec-2025

NACTIVE
1426625 Mandatory Skills : GRC Risk Assessment