Cybersecurity GRC Program Lead


Job Location:

Chicago, IL - USA

Yearly Salary: $ 112498 - 163571
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Echo is seeking a Cybersecurity GRC ProgramAnalystto build the operating system for security governance risk controls evidence and exceptions across the enterprise. This is a hands-on role for someone who can select and drive adoption of a primary cybersecurity framework build the control ownership model build & improve evidence operations accelerate questionnaire throughput and create practical governance mechanisms that work with real engineering and business teams. OwntheautomatedCCM platform.


This role is not limited to policy writing or audit coordination. It is intended to make security governance real and measurable across the enterprise by building practical operating mechanisms around risk controls evidence exceptions and stakeholder the staffing plan this role is explicitly intended to select and operationalize the primary framework likely starting with NIST CSF 2.0 while mapping outward toSOX ITGC SOC2Type2ISO 27001 NIST AI RMF ISO 42001and other requirements for customers audit and international needs.

Justification

Echois reassessing its policy foundation including formal expectations for information security governance access control supplier security and compliance review. What is needed now is a leader who can turn those policies into a durable governance operating system with clear ownership evidence discipline exception management and measurable accountability.

Hiring Requirements

What you will do

  • Leadselection adoption and operationalization of Echos primary cybersecurity framework and related standards structure with NIST CSF 2.0 as thelikely managementlayer

  • Build andmaintaina control ownership model across Technology Engineering Platform Network EUC Asset Data Integrations and Security

  • Translate existing policies into measurable operating practices control expectations evidence requirements review cadences and exception workflows

  • Partner with security architecture engineering and operations teams to ensure that governance expectations are practical technically grounded and enforceable

  • Drive enterprise risk and control assessments including facilitating discussions on control design effectiveness and remediation priorities

  • Build an evidence library structure while defining repeatable collection review reuse and freshness cadences

  • Improve security questionnaire workflows through standardized responses evidence reuse service-level expectations and clearer ownership

  • Coordinate third-party security intake and help define tiering minimum security requirements documentation expectations and escalation paths

  • Partner with Internal Audit and business stakeholders on readiness efforts compliance reviews and operational audit support

  • Track policy exceptions control gaps remediation commitments and overdue actions through closure including clear owners and time bounds

  • Perform User Access Reviewscompliant to SOX ITGC and SOC2/ISO27001

  • Provide security governance input on supplier security requirements contractual obligations and ongoing review expectations

  • Produce reporting for leadership on framework maturity control ownership policy currency evidence readiness exception status and risk trends

  • Lead the evolution to and support of continuous compliance capabilities to improve control visibility evidence freshness and audit readiness

  • Manage and evolve the organizations trust center including published security documentation customer-facing assurance materials and the processes that keep content current and supportable

What success looks like

In the first 60 to90 days this role is expected to produce a framework decision package define the control ownership model stand up an evidence library structure improve questionnaire operations andestablishpractical workflows for exceptions and third-party intake. Over 12 months success means framework adoption becomes measurable control ownership is visible evidence is reusable customer and audit due diligence become less reactive and policy exceptions and control gaps are actively managed.

What you bring

  • 5 years in cybersecurity GRC security risk audit readiness compliance operations or related functions with clear experience building or maturing governance operating models

  • 2 years of GRC experience in a public company.

  • Experience with SOX ITGC controls.

  • Understanding ofregulatory and SEC requirements for a public company.

  • Strong experience operationalizing NIST CSF and translating controls across frameworks such as ISO 27001 SOX SOC 2 or similar frameworks

  • Experience building or maturing security governance programs in complex enterprise environments with multiple technical stakeholders

  • Experience with risk assessments control design reviews exception management and remediation tracking

  • Strong understanding of third-party risk supplier security reviews security questionnaires and governance workflows that scale beyond one-off reviews

  • Experience partnering with technical teams to influence architecture engineering and operations outcomes in a practical technically credible way

  • Ability to turn policy and framework language into concrete operating practices ownership expectations and measurable evidence

  • Strong writing stakeholder management and executive communication skills

Preferred qualifications

  • GRC experience with a public companyfor SEC and regulatory reporting requirementsi.e.10K 8K.

  • Experience supporting SOC 2 ISO 27001 CTPAT SOX or similar audit/readiness efforts

  • Experience with evidence management control testing internal audit coordination or related assurance processes

  • Experience withautomatedcontinuous compliance platforms including evidence automation control monitoring and audit readiness workflows

  • Experience managing a trust center or similar customer assurance portal and keeping security documentation current and reusable

  • Familiarity with enterprise technology environments spanning cloud identity endpoint network and application security domains.

  • Knowledge of AI governance frameworkse.g NISTAI RMF and ISO 42001.

Echo Global Logistics is a leading provider of technology-enabled transportation management services. As a third-partylogisticsprovider we simplify transportation management for our clients and carriers handling crucial tasks so they can focus on what they do best. From coast to coast dock to dock and across all major transportation modesEchoconnects businesses that need to ship their products with carriers who transport goods quickly securely and cost-effectively.

Why this role matters

Echoalready has a policy foundation including formal expectations for information security governance access control supplier security and compliance review. What is needed now is a leader who can turn those policies into a durable governance operating system with clear ownership evidencediscipline exceptionmanagement and measurable accountability.

Work environment/physical demands summary:

This joboperatesin an office environment and uses a computertelephoneand other office equipment as needed to perform duties. The noise level in the work environment istypical of thatof an office with an open seating floor plan. The employee mayencounterfrequent interruptions throughout thework day. The employeeis regularly required tosit talk or hear.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin status as a qualified individual with a disability or Vietnam era or other protected veteran.

#LI-SG1

#Remote

Benefits

For more information about our benefit offerings please visit our careers page at per year

This role is eligible for a bonus that is based on a combination of personal and business performance.


Required Experience:

Senior IC

Echo is seeking a Cybersecurity GRC ProgramAnalystto build the operating system for security governance risk controls evidence and exceptions across the enterprise. This is a hands-on role for someone who can select and drive adoption of a primary cybersecurity framework build the control ownership ...

About Company

Company Logo

Learn how Echo Global Logistics simplifies transportation management for shippers and carriers with tech-enabled, expert-backed freight shipping solutions.

View Profile View Profile