IT Specialist - Cybersecurity Governance

Eaton Corporation | Raleigh, NC
1d | $130,000 - $190,000 | Hybrid

About The Position

The primary focus of this role is to lead the innovation, modernization, development, and lifecycle management of enterprise IT and security policies, ensuring alignment with multiple regulatory and industry frameworks, as defined by the Office of the CISO. The role requires an experienced IT Governance, Risk, and Compliance (GRC) subject matter expert and a passionate change leader who can collaborate across business and technical teams to establish policies that are realistic, enforceable, and audit-ready.

Requirements

  • Bachelor's degree from an accredited
  • Minimum of ten (10) years of progressive experience in information security, IT risk, compliance, or governance, with at least five (5) years in a senior-level or lead role.
  • Demonstrated success in developing, implementing, and maintaining IT/security policies and standards in a regulated enterprise environment.
  • Experience managing compliance with multiple frameworks (SOC 2, SOX, PCI DSS, CMMC, NERC, HIPAA, ISO 27001, NIST CSF, FedRAMP, etc.)
  • Experience as an external auditor with an auditing or consulting firm.
  • Must be authorized to work in the United States without company sponsorship now or in the future
  • Exceptional written communication skills, capable of translating technical concepts into policy language accessible to diverse stakeholders.
  • Proven ability to lead through change, drive consensus, and gain buy-in across business and technical leadership.
  • Strong facilitation and requirements elicitation skills.
  • Familiarity with audit processes and ability to prepare organizations for successful external reviews.
  • Strategic thinker with the ability to balance compliance obligations with business practicality.

Nice To Haves

  • Master’s Degree
  • Security & Compliance Frameworks: Examples include SOC 2, SOX, PCI DSS, HIPAA, NERC CIP, CMMC, FedRAMP, ISO/IEC 27001, NIST CSF, and NIST SP 800-53.
  • Policy Development: Knowledge of effective policy architecture, version control, lifecycle management, and traceability to compliance requirements.
  • Risk & Control Mapping: Ability to align policies with control objectives across multiple frameworks, harmonizing overlapping requirements.
  • Audit Readiness: Familiarity with internal and external audit processes, evidence mapping, and remediation tracking.
  • IT Security Domains: Core understanding of access control, encryption, network security, incident response, vulnerability management, disaster recovery, and cloud security governance.
  • Regulatory Awareness: Up-to-date knowledge of evolving regulations impacting global enterprises (e.g., GDPR, U.S. state privacy laws, DORA, AI Act).
  • Tooling & Automation (preferred): Experience with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust), audit management tools, and collaboration systems (e.g., Confluence, SharePoint, Teams).

Responsibilities

  Policy Development & Lifecycle Management
  • Overhaul and rewrite the company’s IT security and compliance policies to address gaps, inconsistencies, and outdated content.
  • Define and implement a policy lifecycle management process, including drafting, review, approval, communication, periodic review, and retirement.
  • Integrate and align policies and standards with established or identified frameworks, ensuring traceability to applicable compliance requirements (e.g., SOC 2, SOX, PCI DSS, CMMC, NERC CIP, HIPAA, ISO/IEC 27001, NIST CSF, etc.).
  Collaboration & Stakeholder Engagement
  • Partner with senior leaders, enterprise architects, control owners, and audit teams to develop policy language that is achievable, measurable, and aligned with business realities.
  • Collaborate with architects, process owners, and subject matter experts to implement standards that meet policy requirements.
  • Facilitate workshops, requirements elicitation sessions, and cross-functional reviews to build consensus and drive adoption.
  • Act as a trusted advisor on emerging regulatory requirements, controls, and best practices.
  • Partner with Risk, Compliance, Organizational Change Management, and Communications teams to foster cohesive governance policies and successful implementations of new or changed policy.
  Audit & Compliance Alignment
  • Ensure policies are mapped to control frameworks and audit criteria, enabling demonstrable compliance during internal and external audits.
  • Support evidence preparation and auditor discussions by ensuring policies are clear, consistently applied, and well-documented.
  Thought Leadership & Best Practices
  • Independently research new topics and requirements and introduce these to the business in a manner that is relevant and understandable to varying stakeholders.
  • Monitor regulatory, legal, and industry trends to ensure policies remain current.
  • Champion best practices in Governance, Risk, and Compliance, including harmonizing policies with risk management and business continuity programs.
  • Mentor and coach colleagues on effective policy writing and governance approaches.
  • Lead continuous improvement and look for ways to leverage new capabilities such as AI and automation.
  • Identify new or innovative ways to ensure awareness and acknowledgment of policies and standards.

Benefits

  • Eaton provides various Health and Welfare benefits as well as Retirement benefits, and several programs that provide for paid and unpaid time away from work.
  • Eaton Benefits Overview