7,615 Security Governance jobs in the United States

Information Security Governance Risk Compliance Analyst - #

48228 Detroit, Michigan Wade Trim

Posted 1 day ago


Job Description

What We Offer:

Our excellent salary and benefits package includes medical, dental, vision, life insurance, short and long-term disability coverage, education reimbursement, 401(k), performance bonuses, and an employee stock program. Employee Resource Groups and Programs offered include the Young Professionals Group, Women at Wade Trim, Diversity, Equity and Inclusion, Professional Development, Leadership Development, Rotation Program, Mentor Program, Sustainability Program, and Wellness Program.

Position Description:

We are looking for an Information Security Governance Risk Compliance Analyst to join our IT Team to improve infrastructure in our Detroit office. The candidate must have a bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field and 3-5 years of experience. The role calls for operating knowledge of Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC+, and Archer. The candidate should also have strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines. The candidate must also be self-motivated, work well with others, and have excellent writing, organizational, and communication skills. A flexible hybrid-remote work schedule is available after 30 days of employment.

Typical responsibilities include:
    • Responsible for monitoring and tracking regulatory changes, ensuring that the organization remains compliant with all relevant laws, standards and industry regulations.
    • Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization's operations.
    • Assist in the development, implementation, and revision of corporate policies and procedures to align with the best practices and compliance requirements.
    • Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.
    • Assist in the development and maintenance of incident response plans to effectively address and mitigate security incidents or compliance violations.
    • Prepare and distribute regular reports to IT & IT Security leadership as well as business leadership summarizing risk assessments, compliance status, and recommendations for improvement.
    • Assist IT Security operations in the development and delivery of training programs to educate users on governance, risk, and compliance matters, fostering a culture of awareness and accountability.
    • Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.
    • Maintain a safe working environment.
Education:
    • Bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field is required.
    • Certifications in ISC2 CGRC (formerly CAP) or ISACA CISA are required.
    • Certifications in ISC2 CISSP, and ISACA CRISC are not required, but preferred.
Skills/Experience:
    • Minimum of 3 years of related experience
    • Strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines is required
    • Strong operating knowledge of platforms such as Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC+, and Archer
    • Excellent communication and interpersonal skills, with the ability to communicate complex security concepts to both technical and non-technical audiences is required
    • Excellent organizational skills in order to accommodate multiple tasks simultaneously
    • Excellent understanding of technology infrastructure and systems, including networks, databases, and cloud computing is required
    • Maintain a professional demeanor at all times and be conscious of confidentiality issues when dealing with individuals at all levels
    • Must be easily understood by other employees, clients, and vendors
    • Strong analytical and problem-solving skills, with the ability to assess risks and develop practical solutions
    • Professional certifications in information security, such as ISC2 CISSP, ISACA CRISC, ISACA CISA, and ISC2 CGRC (formerly CAP) are highly desirable


About Wade Trim:

Wade Trim is committed to maximizing the value of infrastructure investments. We've been solving complex engineering challenges for nearly a century. We customize our work approach to fit each project using a collaborative, friendly style to deliver solutions our clients can stand behind.

Our supportive culture recognizes and strives to fulfill collective client, company, and individual needs. Mentoring and building skills of Wade Trim staff is a priority. Frequent interaction among staff is encouraged, company leadership is easily accessible, and opportunities are provided for staff to help shape the firm's future through strategic planning. Work/life balance is supported through a flexible, hybrid work schedule that brings team members together in the office at least three days a week and connects them virtually when working from home.

To solve our clients' toughest challenges, we've devoted ourselves to delivering innovative solutions. Our Office of Applied Technology (OAT) is dedicated to seeking new technologies or ways to apply existing technologies to enhance value to our clients and positively impact communities. All staff are encouraged to share ideas and suggestions for innovative technologies or processes to adopt. This open-minded approach enables us to advance technology, foster innovation, and stay ahead of our clients' needs.

Wade Trim's success is shared by the employees that make it happen. Since our beginning, our firm has been 100% employee owned. This cultivates an ownership mindset that benefits our work approach, collaborative culture, and ability to deliver client solutions. We believe employee ownership drives the sustainability and growth of our firm and provides all our employees with opportunities for financial success.

If you are looking for a challenging and rewarding career in a friendly environment, please submit your resume by visiting the Careers section of our website at

Wade Trim does not accept unsolicited resumes, candidate profiles, or CVs from third-party recruiters or employment agencies. Any submission made without a valid, signed agreement and an approved engagement request from Wade Trim's People Services Team will be considered the property of Wade Trim. Wade Trim reserves the right to pursue and hire any candidate submitted through unsolicited means without any financial obligation to the recruiter or agency. A valid agreement can only be signed by the Director of People Services. Resumes or candidate profiles submitted at the request of a Wade Trim employee who is not authorized by the People Services team do not constitute a valid engagement. Recruiters and agencies must have a current, written agreement authorized by the Director of People Services to be considered an approved vendor.

Wade Trim is an Affirmative Action/Equal Opportunity Employer.

Information Security Governance-Risk-Compliance Analyst

87101 Carnuel, New Mexico Presbyterian Healthcare Services

Posted 5 days ago


Job Description



Information Security Governance-Risk-Compliance Analyst

Requisition ID: 2025-48506
Category: Information Technology
Location Name: Rev Hugh Cooper Admin Center
Location City: Albuquerque
Location State/Province: NM
Minimum Offer: USD $45.86/Hr.
Maximum Offer for this position is up to: USD $71.81/Hr.

Overview

Presbyterian is seeking an Information Security Governance-Risk-Compliance Analyst!


The Information Security Governance-Risk-Compliance Analyst is responsible for the oversight and coordination of various cybersecurity risk management activities focused on identifying, assessing, managing, and mitigating risks. Subject matter expert experienced in regulatory requirements, security framework standards, security operations and controls, and industry best practices.
The role works closely with Compliance, Internal Audit, and other Departmental Leaders in the coordination of planning, prioritization, tracking, and remediation of cyber risks, assessment and audit findings, supply chain risk, and operational risk. Works closely with technology and security leaders and subject matter experts to coordinate, review, and catalogue responses. Coordinates with Compliance and Internal Audit to further the planning, response, and cataloguing of assessment and audit activities related to both Information Security and Information Technology.
Supports the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards. Collaborates with the GRC Director and CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management. Other key activities will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured.


We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that empowers employees. And we provide the opportunity to grow from entry-level to the most senior positions.


Why Join Us

  • Full Time - Exempt: Yes
  • Job is based at Rev Hugh Cooper Admin Center
  • Work hours: Weekday Schedule Monday-Friday
  • Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement and more for FT employees.
Qualifications
  • Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field desired; or 6 years of relevant experience may be substituted in lieu of degree. An advanced degree is strongly preferred.
  • 3 years of experience in Information Security Risk Management or in Information Technology/Information Security Audit required.
  • 5 years of experience in a large (over 2,000 end users) Healthcare IT Enterprise preferred.
  • 7 years of experience in a combination of IT Governance, Risk Management, Compliance, and Information security roles preferred.
  • Expert working knowledge from within an information security function using ISO 27000, NIST CSF, NIST RMF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
  • Experience supporting SSAE 16 or SOC 2
  • Detailed understanding and extensive experience with information security regulations, including at a minimum National Institute of Standards and Technology (NIST), Health Insurance Portability Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including Executive Orders.
  • Significant experience performing Information Security Risk Management, Third-Party Risk Management, and audits and assessments in large, complex organizations.
  • Significant experience in end-to-end IT and Security Risk Management.
  • Significant experience with technical risk remediation identification and planning.
  • Significant experience with corrective action and remediation engagement and planning.
  • Models high standards of integrity, performance, confidentiality, and demonstrates sound judgement.
  • Incorporates Presbyterian Health Services values into the ITGRC compliance and audit program
  • Professional certifications such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or Certified Risk & Information Security Controls (CRISC) required or willing to obtain within the first year of employment.
Responsibilities
  • Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
  • Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
  • Support the implementation of PHS and PHP information governance, risk, and compliance processes.
  • Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
  • Coordinate, catalogue, and communicate internal and external risks and findings to the Director, ITGRC.
  • Develop and maintain risk exception and acceptance processes, corrective action plans and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated, and progress is documented for each open item.



Benefits

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.


Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in your personal well-being by participating in wellness activities like wellness challenges, webinars, preventive screenings and more.


Why work at Presbyterian?
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.


About Presbyterian Healthcare Services
Presbyterian exists to ensure the patients, members and communities we serve can achieve their best health. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14,000 employees.


Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care) and Commercial health plans.


AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.

Maximum Offer for this position is up to

USD 71.81/Hr.

Compensation Disclaimer

The compensation range for this role takes into account a wide range of factors, including but not limited to experience and training, internal equity, and other business and organizational needs.


Information Security Governance Risk & Compliance Manager

11788 Hauppauge, New York Teachers Federal Credit Union

Posted 9 days ago


Job Description

Description

Join Our Team

For over 70 years, Teachers Federal Credit Union has been committed to guiding members toward building a strong financial foundation today for a better tomorrow. Named one of America's Best-In-State Credit Unions by Forbes Magazine in 2022, Teachers has grown into one of the leading credit unions in the United States. As we broaden our national reach, we will continue to ensure that Teachers is a Best Place to Bank and a Best Place to Work. Teachers offers a variety of exciting career opportunities ranging from part-time and full-time staffers to executive leadership roles.

Summary:

The Information Security Governance Risk & Compliance Manager is responsible for managing, planning, and executing security initiatives related to governance, risk management, compliance, and audit oversight. The Information Security Governance Risk & Compliance Manager oversees anti-phishing campaigns, security awareness training, risk assessments, vendor security reviews, and the management of audit activities related to security governance and controls.

Education and/or Experience:
  • Bachelor's degree or a minimum of eight years of directly related experience
  • Minimum of five (5) years of experience in information security Governance, Risk, and Compliance required
  • Managing complex security programs required
  • CISSP, CISM, CRISC, or similar preferred
  • Experience with security tools, technologies, and risk management platforms required
  • Proven track record of managing and executing information security programs, including anti-phishing campaigns, risk assessments, and security awareness training.
  • Strong understanding of regulatory frameworks and industry standards (GDPR, CCPA, NIST, ISO 27001, SOC 2, etc.).
  • Experience conducting vendor security assessments and reviewing SOC reports.
  • Solid knowledge of information security principles, including risk management, incident response, and security controls.
  • Knowledge of data privacy regulations
  • Experience with a variety of ITGRC tools such as ServiceNow and RSA Archer and others.
  • Proven experience in audit oversight, managing both internal and external audit processes, and addressing audit findings related to information security.
  • Excellent communication skills, with the ability to articulate complex security topics to both technical and non-technical stakeholders.
  • Strong analytical and problem-solving skills, with attention to detail and the ability to drive continuous improvement in security processes.
  • Ability to work independently and manage multiple projects simultaneously.
Job Responsibilities:
  • Security Awareness Training: Develop, coordinate, and deliver ongoing security awareness training programs to educate employees on security best practices and risk mitigation techniques.
  • Anti-Phishing Campaigns: Plan, manage, and execute anti-phishing campaigns to assess and improve employee awareness and the organization's resilience against phishing attacks.
  • Risk Assessments: Manage planning and execution of regular risk assessments, ensuring the identification, evaluation, and mitigation of security risks across the organization.
  • Vendor Security Reviews: Manage and review vendor security assessments, including the evaluation of SOC reports, to ensure third-party risk is managed in accordance with security policies and standards.
  • Governance and Compliance: Oversee information security governance processes, ensuring adherence to relevant regulatory frameworks, industry standards, and internal policies. Lead compliance activities related to security controls, data privacy, and industry regulations.
  • Audit Oversight: Manage the execution and oversight of internal and external audits, ensuring security and compliance audits are conducted according to the established audit schedule. Collaborate with auditors to address security-related audit findings and ensure timely remediation of issues.
  • Day-to-Day Information Security Activities: Handle day-to-day information security activities, including incident management, reporting, and compliance tracking, ensuring that all aspects of the security program are functioning optimally.
  • Reporting & Metrics: Provide regular updates and reports to senior leadership on the effectiveness of security programs, compliance status, audit results, and risk mitigation efforts. Develop metrics to track progress and demonstrate the effectiveness of security initiatives.
  • Continuous Improvement: Stay informed on the latest security threats, trends, and technologies. Recommend and implement best practices for improving information security governance, compliance, and audit preparedness.
Benefits of Joining the Teachers Team:

We provide a competitive compensation and benefits package that includes, but is not limited to:
  • Paid time off for vacation, personal days, and holidays
  • Fully-funded pension plan
  • 401(k) company contribution
  • Teachers pays 100% of Dental & Vision premium
  • Tuition reimbursement is offered to full-time employees
  • Exclusive employee discount of 0.96% APR on credit card loans and a 1.00% APR on all other loans through Teachers


The good faith range for this position is $118,250 - $147,850 annually. This range is an estimate, based on potential employee qualifications and operational needs. The salary may vary above and below the stated amounts, as permitted by applicable law.

All candidates will be subject to a background check, credit check, and drug test to determine employment eligibility.

To learn more about Teachers and to view a full list of our job opportunities please visit


Information Security Governance Risk & Compliance Analyst

17124 Harrisburg, Pennsylvania PSECU

Posted 24 days ago


Job Description

Members Achieve More isn't just a tagline for us, it's part of everything we do! We're looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere that's remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on.

The Information Security GRC Analyst is responsible for analyzing and assessing the information security controls in an effort to protect the confidentiality, integrity, and availability of PSECU's information. The individual is responsible for ensuring network and cloud security access and for implementing and documenting measures to safeguard the network against accidental or unauthorized modifications, destruction, or disclosure.

The level for this position will be determined based on the selected candidate's experience.

Schedule: Monday - Friday, 9:00am - 5:00pm. This position will be a hybrid model, both in person and remote, with a minimum onsite expectation of 40% or as needed.

In this position, you will
  • Monitor Compliance: Assist in protecting the integrity, availability and confidentiality of network resources and data. Assist in the development and enforcement of security policies, standards, and procedures. Participate in network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities. Participate in the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-prem solutions.
  • Control and Risk Assessments: Perform or coordinate control testing, assessments, and monitoring to ensure that Information Technology processes and controls are effective, functioning as designed, and managed to the appropriate level of risk. Coordinate IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements. Evaluate any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology (NIST), ISO 27002, Center for Internet Security Critical Security Controls (SANS 20), etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls. Conduct risk assessments to identify gaps in the control structure.
  • Vendor Due Diligence: Participate in the vendor management and due diligence process. Consult with business units when negotiating and contracting third-party service provider arrangements to ensure associated information security risks are considered. Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
  • Incident Response: Participate in or conduct incident response investigations by using and understanding PSECU's Incident Management procedures. Participate in the Incident Management Program in order to plan and respond effectively to a compromise of PSECU's IT infrastructure or to an unauthorized access and/or disclosure of sensitive company, member, or employee data. Review SIEM, operational logs, and event console activity to identify and determine the cause of security related events.
  • Awareness Program: Assist in developing Information Security and Privacy Awareness content for employees and members. Assist in socializing PSECU Policies and Standards to PSECU employees.
  • Internal Audit Coordination: Collect evidence for internal and external audits. Research and respond to internal and external audit findings.
  • Other duties as assigned.


Qualifications: Required & Preferred
BS, BS: Computer and Information Science

Reasonable accommodation may be made to enable a qualified individual with a disability or disabilities to perform the essential duties and responsibilities of the job.

Physical Demands and Sensory Abilities:

Repetitive movement of hands and fingers (e.g. typing, writing).

Lifting and carrying containers weighing as much as 20-30 pounds (e.g. to/from building and vehicle to a storage area).

Sitting for long periods of time (e.g. at a desk, in meetings).

Ability to reach above, at, and below the waist.

Ability to reach above, at, and below shoulder level.

Occasional bending, kneeling, stooping and/or squatting.

Visual acuity.

Auditory acuity.

Global Manager of Information Security, Governance & Compliance

22070 Herndon, Virginia BCM One

Posted 5 days ago


Job Description

As we continue to grow and expand globally, we're on the lookout for a Global Manager of Information Security, Governance & Compliance to take the lead in shaping and elevating our Global GRC (Governance, Risk, and Compliance) program.

In this high-impact role, reporting directly to the General Counsel, you'll be at the forefront of driving security and compliance across the organization. You'll ensure we meet internal security policies, global regulations, industry standards, and applicable laws. From leading comprehensive risk assessments to building and scaling security awareness programs, processes and training, you'll be a key force behind fostering a strong security and compliance culture across all teams and regions.

You'll also be instrumental in securing and maintaining our global security certifications, such as ISO 27001, SOC, and Cyber Essentials Plus. That means managing audits, partnering with external auditors, and ensuring our practices align with the highest certification standards. If you're excited by the opportunity to lead on a global scale, influence key initiatives, and make a meaningful impact, we'd love to hear from you.

Work Locations:

This position offers hybrid or remote flexibility; however, candidates must reside near one of our office locations in Alpharetta, Georgia; Blue Bell, Pennsylvania; Herndon, Virginia; or New York City, New York. Candidates must live and be authorized to work in the United States; the position is not eligible for relocation or sponsorship.

Hours and Travel:

Approx. 25% international and domestic travel annually. This position will work typical eastern US business hours with flexibility to meet with teams in multiple countries.

What You Will Do:

As the key driver of information security compliance across our global operations, you will:

  • Define and implement the organization's GRC program, including policies, procedures, and controls.
  • Oversee and manage our global information security governance and compliance programs.
  • Develop and maintain robust security policies, procedures, and best practices.
  • Coordinate internal and external audits (SOC, ISO, Cyber Essentials Plus), ensuring readiness and compliance.
  • Conduct internal audits, identify gaps, and recommend corrective actions.
  • Deliver training sessions and security awareness initiatives across the organization.
  • Lead third-party risk assessments (TPRM) and respond to vendor security assessments.
  • Chair ISMS Management Review meetings and monitor cyber risk metrics.
  • Support IT with vulnerability management and penetration testing planning.
  • Contribute to data privacy and governance compliance under GDPR, UK DPA, NZ Privacy Act, etc.
  • Support Business Continuity Planning (BCP) testing and documentation.
What You Will Need:
  • Bachelor's degree in Computer Science, Information Systems, or related field (or equivalent work experience).
  • 10+ years of experience in IT governance, compliance, or risk management at a global company.
  • Proven experience with international compliance, specifically GDPR, data protection laws, and compliance initiatives.
  • Six Sigma is a nice to have.
  • ISO 27001 Internal Auditor certification is highly desirable.
  • Strong understanding of information security and IT governance frameworks.
  • Familiarity with telecommunications and technologies like networking and VoIP is preferred.
  • Ability to manage complex, cross-functional projects with a high attention to detail.
  • Excellent communication and stakeholder engagement skills.
  • Proficient in Microsoft Office Suite, especially SharePoint, OneDrive, Outlook, Teams, etc.
Who We Are:

BCM One is a leading telecom provider of NextGen Communications and Managed Services that has been in business for 30 years with more than 18,000 business customers and 5,000 channel partners who rely on our products, services, and teams to support their critical underlying network infrastructure. BCM One is the parent company to our family of brands that includes SIP.US, SIPTRUNK, Flowroute, SkySwitch, and Pure IP.

Joining the BCM One team is a chance to be part of a financially strong company with an exciting growth story; over the past 4 years we've brought together leading companies in our space who have built products, services, and programs to innovate and disrupt our industry. Now, operating under one roof, we are taking BCM One to the next level and looking for talented individuals to help make that happen.

When you choose to work at BCM One, you get to work with a talented team and build experience with the leading technologies, suppliers, and partners in our industry. We don't offer cookie-cutter solutions, so the opportunities are endless, and the work is always varied and interesting. We take our mission "to provide a world-class experience with every human interaction" seriously, which means everything you do makes a difference. And we're committed to building and nurturing a diverse and inclusive workforce and environment that empowers you to do your best work, spread your wings and reach your full potential. At BCM One, we encourage our team to learn something new every day, so you don't just become part of our growth story, we become part of yours.

Why BCM One:

We are committed to creating an environment that fosters teamwork, accountability, and innovation. Many BCM One employees have been with the company for 10+ years, which we think says a lot about our culture.

We Are a Team
  • We pride ourselves on our team-based approach to providing quality solutions for our clients. BCM One encourages a culture of collaboration, exposing employees to different areas of the business and fostering career growth.
  • We support employee involvement and provide opportunities to be responsible stewards via our BCM One Gives Back Program and our Emergency Fund to help our team members who are going through difficult times.
Hard Work is Recognized
  • We offer an Employee of the Quarter program with a monetary award and Employee of the Year that includes a 7-day vacation package to the Caribbean. In addition, we host various regional team-building gatherings throughout the year.
  • We believe in developing our team members and offer many opportunities for training, professional development and career growth.
Your Voice is Heard
  • We empower our team members to speak up and look for opportunities in challenges.
  • We have an Employee Council and a Diversity Equity and Inclusion Committee made up of volunteers from across the company who share a passion for making BCM One a great place to work and find ways to positively impact our communities.
How we take care of you:
  • Competitive industry salaries
  • Comprehensive medical, dental, and vision insurance
  • Company-provided life and disability insurance
  • Matching 401(k) plan
  • Employee Emergency Assistance Fund
  • Paid holidays and vacation time


BCM One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.

Information Security Manager, Governance

98127 Seattle, Washington The Security Executive Council

Posted 5 days ago

Job Description

Information Security Manager, Governance

Organization: Starbucks

Location: Seattle, WA

Description:

About the job

Now Brewing information security manager, governance! #tobeapartner

From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. At Starbucks, our mission is to inspire and nurture the limitless possibilities of human connection one person, one cup, and one neighborhood at a time. We are known for developing extraordinary leaders who share this passion and are guided by their service to others. Starbucks technologists work to achieve this mission with innovative technology delivered to our partners, customers, stores, roasters, and global communities.

A successful manager at Starbucks is collaborative, organized, and able to work well through change and ambiguity. You should have strong critical thinking skills, excellent communication skills, and a validated record of a direct approach to leading teams and maturing programs at scale. This position reports to the director of governance, risk, and compliance within the Global Cybersecurity Services (GCS) organization. GCS is chartered with leading, inspiring, and supporting Starbucks to cultivate trust in our brand by ensuring confidentiality, integrity, & availability in every partner, customer & supplier experience.

This job contributes to Starbucks' success by leading cybersecurity governance through the planning, coordination, delivery, and improvement lifecycle. Success for the role will be the delivery of clear, consistent, and globally integrated cybersecurity policies, standards, and governance services. Multiple stakeholder groups rely on the effective delivery of repeatable and data-driven governance services and functions across the cybersecurity organization.

This position models and acts in accordance with Starbucks guiding principles.

As an information security manager, governance, you will

  1. Ensure delivery of a world-class cybersecurity program through the evaluation, design, delivery, and management of governance practices and processes. You will lead the function and will be looked to for knowledge and practice of cyber governance. Success is delivery of key global services including policy and standards lifecycle, a unified control framework for critical assets, cross-functional governance reviews and advisory, legal and contractual security alignment, and consolidated reporting and oversight.
  2. Inspire and influence others - You will establish and maintain positive working relationships to successfully deliver cybersecurity governance. You will collaborate closely with cyber leadership, regional information security officers and domain owners. You will develop and deliver key liaison and support services with internal audit, legal, data governance, asset management and other stakeholders critical to cybersecurity.
  3. Develop services and deliver strategic initiatives - You will ensure operational plans align to strategic priorities, are delivered, measured for success, and built for continuous improvement. You will drive key cybersecurity governance services and establish key performance indicators to proactively report to stakeholders on performance.
  4. Rapidly build a collaborative team and operationalize services - You will leverage your experience in building high-performing, Agile teams while managing and deploying new governance services in an iterative approach. You will balance team capacity against operational commitments and strategic priorities.
  5. Be accountable for the quality and success of the outcome of your work - You will ensure processes are known, documented, maintained, and properly performed to produce consistent, timely, high-quality deliverables.
  6. Manage and develop a team comprised of functional, technical, and/or analytical professionals at a variety of levels - You will develop and train partners, ensuring quality of the team's work through continuous improvement as the program scales. You will provide coaching and feedback to ensure positive and engaging working relationships. You will provide partners with developmental opportunities supporting career development.
  7. Enjoy working on an energetic, fun team and have a clear ability to drive the business forward as part of a highly collaborative team. You work closely with other managers to model and reinforce norms and Agile practices and promote overall partner engagement, while acting in accordance with Starbucks guiding principles and values.
Qualifications:

We'd love to hear from people with:

  1. Progressive experience in information security, compliance or data privacy disciplines, 7-10 years
  2. Experience developing and delivering technology platforms or services 5-7 yrs.
  3. Ability to apply knowledge of multidisciplinary business principles and practices to achieve successful outcomes in cross-functional projects and activities.
  4. Ability to engage in difficult conversations that result in positive, actionable outcomes.
  5. Exceptional written and verbal communication, with an aptitude for translating complex, technical subjects into clear, business-oriented communications.
  6. Ability to work across diverse organizations and lead complex internal and external project teams.
  7. Ability to present strategic and tactical roadmaps and objectives to all levels of leadership, advising and influencing.
  8. Technical background and understanding in multiple areas of information security technologies and principles.
  9. Certifications such as CISSP, CISM, CIPM or others focused on information security, data privacy or information risk management are desired.
Compensation:

From free coffee to competitive pay, Starbucks is proud to offer a comprehensive compensation and benefits package to our eligible part-time and full-time partners. Benefits include 100% tuition coverage through our Starbucks College Achievement Plan, health coverage with a variety of plans to choose from, and stock & savings programs like our equity reward program, Bean Stock. What's more, Starbucks offers flexible scheduling and opportunities for paid time off. Visit for details.

If you live in the greater Seattle area, we offer a flexible workplace that allows for hybrid work. Partners can work remotely up to two days per week.

Join us and inspire with every cup. Apply today!


Director Enterprise Security Governance

46410 Merrillville, Indiana NiSource

Posted today

Job Description

**Director Enterprise Security Governance**
**Full Time Perm**
**Way of Work:** Hybrid
**Salary:** $155,400 - $233,100, plus equity and 25% annual bonus
**Location:** Columbus, OH or Merrillville, IN
**Relocation Assistance Provided**
The Director of Enterprise Security Governance supports the Chief Information Security Officer (CISO) and will focus on maintaining and maturing the enterprise-wide corporate security program commensurate with NiSource's risk tolerance. In this role you will be responsible for leading the development and implementation of a comprehensive cybersecurity risk management program. This role involves establishing a governance framework for managing cyber risk, integrating cyber risks into the enterprise risk management strategy, and providing regular reporting to executive leadership. The Director of Enterprise Security Governance will collaborate with various teams to ensure that cybersecurity risks are effectively managed within the context of broader business risks. Overall, in this role you will ensure the cybersecurity program is compliant and risk is being reduced. This leader must have proven experience in successfully implementing and maintaining a cybersecurity risk management program which includes vendor management.
Your responsibilities may include, but are not limited to:
+ Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities.
+ Lead the cybersecurity team in conducting risk assessments to identify, assess, prioritize, and mitigate potential security vulnerabilities and risks. Develop and implement structured processes to continuously monitor and manage threats to the company's assets.
+ Drive the development and maintenance of cyber security policies, standards, and procedures in alignment with national frameworks, best practices, and regulatory requirements (e.g., NIST, NERC, TSA Gas) so that comprehensive protection exists for a safe, secure, and resilient technology environment and information assets. Enforce compliance with relevant regulations and standards, including NERC, SOX, PCI DSS, and other federal and state regulations.
+ Receive assessment/audit findings, legal obligations, compliance, and regulatory requirements as input to policy development; manage remediation activities.
+ Assess and enhance the control environment by identifying gaps and recommending improvements.
+ Create a cybersecurity awareness culture, ensuring appropriate focus on cybersecurity initiatives, and providing executive leadership reporting to assist the CISO.
+ Stay current on the latest threats and security trends to proactively address potential risks.
+ Represent NiSource in, and contribute to, industry forums and regulatory engagements to enhance the cybersecurity related legal and regulatory environment.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
**Minimum Qualifications**
+ Bachelor's degree or relevant work experience.
+ 15+ years of experience in enterprise-wide cybersecurity program governance, or an equivalent combination of education and work experience
+ 10+ years of experience leading and working within a collaborative, cross-functional, team-based environment
+ 5+ years of experience implementing NIST Cybersecurity Framework (CSF) and other industry standards.
+ 5+ years of experience in developing, implementing, and managing cybersecurity policies, procedures, and standards
**Preferred Qualifications**
+ Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or relevant certification
**Disclaimer**
The preceding description is not designed to be a complete list of all duties and responsibilities required of the position.
_As a public utility, NiSource is required to provide continuous service to customers at all times. To ensure we fulfill that obligation, employees may be required to work outside their normal work hours and perform tasks outside of their normal responsibilities in support of emergency operations._
**Work Authorization**
Authorized to work in the United States without requiring sponsorship.
**Workplace Connection**
Value inclusion within your day-to-day responsibilities by respecting others' perspectives/convictions, engaging others' opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.
Respect the unique lived experiences within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.
Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.
**Equal Employment Opportunity**
NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, sex (including pregnancy, lactation, childbirth or related medical conditions), genetic information, citizenship status, or any protected group status as defined by law. Each employee is expected to abide by this principle.
**By applying, you may be considered for other job opportunities.**
**Safety Statement**
Promote a safe work environment by actively participating in all aspects of our employee safety program. Report any unsafe conditions and take actions to prevent personal injuries. Support our interdependent safety culture by ensuring the safety of your co-workers. Stay focused on the task at hand and promote productivity through good work habits.
**Salary Range*:**
155,400.00 - 233,100.00
**_*The salary offered to a candidate is based on several factors including but not limited to the candidate's skills, job-related knowledge, and relevant experience, as well as internal pay equity._**
**Posting Start Date:**
2025-08-15
**Posting End Date (if applicable):**
2025-09-02
**Please note that the job posting will close on the day before the posting end date.**
At NiSource, you'll be part of the team serving nearly four million customers throughout the Midwest and Mid-Atlantic, who count on us to energize their homes and businesses. Whether speaking with customers by phone, analyzing financial data or installing new gas lines in a neighborhood, you'll meet exciting challenges each day and make the most of your skills and talents. And you'll be part of a company that was named by Forbes magazine as one of America's Best Large Employers.
We're looking for talent from all backgrounds. We invite candidates of all abilities to come as they are and do what they love. Through our years of successful growth, we've stayed true to our roots by making a difference in the lives of millions of our customers. If you're interested in joining an inclusive, innovative company that fosters opportunity for growth, NiSource might be the place for you.

Director Enterprise Security Governance

40508 NiSource

Posted today

Job Description

**Director Enterprise Security Governance**
**Full Time Perm**
**Way of Work:** Hybrid
**Salary:** $155,400 - $233,100, plus equity and 25% annual bonus
**Location:** Columbus, OH or Merrillville, IN
**Relocation Assistance Provided**
The Director of Enterprise Security Governance supports the Chief Information Security Officer (CISO) and will focus on maintaining and maturing the enterprise-wide corporate security program commensurate with NiSource's risk tolerance. In this role you will be responsible for leading the development and implementation of a comprehensive cybersecurity risk management program. This role involves establishing a governance framework for managing cyber risk, integrating cyber risks into the enterprise risk management strategy, and providing regular reporting to executive leadership. The Director of Enterprise Security Governance will collaborate with various teams to ensure that cybersecurity risks are effectively managed within the context of broader business risks. Overall, in this role you will ensure the cybersecurity program is compliant and risk is being reduced. This leader must have proven experience in successfully implementing and maintaining a cybersecurity risk management program which includes vendor management.
Your responsibilities may include, but are not limited to:
+ Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities.
+ Lead the cybersecurity team in conducting risk assessments to identify, assess, prioritize, and mitigate potential security vulnerabilities and risks. Develop and implement structured processes to continuously monitor and manage threats to the company's assets.
+ Drive the development and maintenance of cyber security policies, standards, and procedures in alignment with national frameworks, best practices, and regulatory requirements (e.g., NIST, NERC, TSA Gas) so that comprehensive protection exists for a safe, secure, and resilient technology environment and information assets. Enforce compliance with relevant regulations and standards, including NERC, SOX, PCI DSS, and other federal and state regulations.
+ Receive assessment/audit findings, legal obligations, compliance, and regulatory requirements as input to policy development; manage remediation activities.
+ Assess and enhance the control environment by identifying gaps and recommending improvements.
+ Create a cybersecurity awareness culture, ensuring appropriate focus on cybersecurity initiatives, and providing executive leadership reporting to assist the CISO.
+ Stay current on the latest threats and security trends to proactively address potential risks.
+ Represent NiSource in, and contribute to, industry forums and regulatory engagements to enhance the cybersecurity related legal and regulatory environment.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
**Minimum Qualifications**
+ Bachelor's degree or relevant work experience.
+ 15+ years of experience in enterprise-wide cybersecurity program governance, or an equivalent combination of education and work experience
+ 10+ years of experience leading and working within a collaborative, cross-functional, team-based environment
+ 5+ years of experience implementing NIST Cybersecurity Framework (CSF) and other industry standards.
+ 5+ years of experience in developing, implementing, and managing cybersecurity policies, procedures, and standards
**Preferred Qualifications**
+ Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or relevant certification
**Disclaimer**
The preceding description is not designed to be a complete list of all duties and responsibilities required of the position.
_As a public utility, NiSource is required to provide continuous service to customers at all times. To ensure we fulfill that obligation, employees may be required to work outside their normal work hours and perform tasks outside of their normal responsibilities in support of emergency operations._
**Work Authorization**
Authorized to work in the United States without requiring sponsorship.
**Workplace Connection**
Value inclusion within your day-to-day responsibilities by respecting others' perspectives/convictions, engaging others' opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.
Respect the unique lived experiences within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.
Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.
**Equal Employment Opportunity**
NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, sex (including pregnancy, lactation, childbirth or related medical conditions), genetic information, citizenship status, or any protected group status as defined by law. Each employee is expected to abide by this principle.
**By applying, you may be considered for other job opportunities.**
**Safety Statement**
Promote a safe work environment by actively participating in all aspects of our employee safety program. Report any unsafe conditions and take actions to prevent personal injuries. Support our interdependent safety culture by ensuring the safety of your co-workers. Stay focused on the task at hand and promote productivity through good work habits.
**Salary Range*:**
155,400.00 - 233,100.00
**_*The salary offered to a candidate is based on several factors including but not limited to the candidate's skills, job-related knowledge, and relevant experience, as well as internal pay equity._**
**Posting Start Date:**
2025-08-15
**Posting End Date (if applicable):**
2025-09-02
**Please note that the job posting will close on the day before the posting end date.**
At NiSource, you'll be part of the team serving nearly four million customers throughout the Midwest and Mid-Atlantic, who count on us to energize their homes and businesses. Whether speaking with customers by phone, analyzing financial data or installing new gas lines in a neighborhood, you'll meet exciting challenges each day and make the most of your skills and talents. And you'll be part of a company that was named by Forbes magazine as one of America's Best Large Employers.
We're looking for talent from all backgrounds. We invite candidates of all abilities to come as they are and do what they love. Through our years of successful growth, we've stayed true to our roots by making a difference in the lives of millions of our customers. If you're interested in joining an inclusive, innovative company that fosters opportunity for growth, NiSource might be the place for you.

Director Enterprise Security Governance

43201 Columbus, Ohio NiSource

Posted 5 days ago

Job Description

**Director Enterprise Security Governance**
**Full Time Perm**
**Way of Work:** Hybrid
**Salary:** $155,400 - $233,100, plus equity and 25% annual bonus
**Location:** Columbus, OH or Merrillville, IN
**Relocation Assistance Provided**
The Director of Enterprise Security Governance supports the Chief Information Security Officer (CISO) and will focus on maintaining and maturing the enterprise-wide corporate security program commensurate with NiSource's risk tolerance. In this role you will be responsible for leading the development and implementation of a comprehensive cybersecurity risk management program. This role involves establishing a governance framework for managing cyber risk, integrating cyber risks into the enterprise risk management strategy, and providing regular reporting to executive leadership. The Director of Enterprise Security Governance will collaborate with various teams to ensure that cybersecurity risks are effectively managed within the context of broader business risks. Overall, in this role you will ensure the cybersecurity program is compliant and risk is being reduced. This leader must have proven experience in successfully implementing and maintaining a cybersecurity risk management program which includes vendor management.
Your responsibilities may include, but are not limited to:
+ Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities.
+ Lead the cybersecurity team in conducting risk assessments to identify, assess, prioritize, and mitigate potential security vulnerabilities and risks. Develop and implement structured processes to continuously monitor and manage threats to the company's assets.
+ Drive the development and maintenance of cyber security policies, standards, and procedures in alignment with national frameworks, best practices, and regulatory requirements (e.g., NIST, NERC, TSA Gas) so that comprehensive protection exists for a safe, secure, and resilient technology environment and information assets. Enforce compliance with relevant regulations and standards, including NERC, SOX, PCI DSS, and other federal and state regulations.
+ Receive assessment/audit findings, legal obligations, compliance, and regulatory requirements as input to policy development; manage remediation activities.
+ Assess and enhance the control environment by identifying gaps and recommending improvements.
+ Create a cybersecurity awareness culture, ensuring appropriate focus on cybersecurity initiatives, and providing executive leadership reporting to assist the CISO.
+ Stay current on the latest threats and security trends to proactively address potential risks.
+ Represent NiSource in, and contribute to, industry forums and regulatory engagements to enhance the cybersecurity related legal and regulatory environment.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
**Minimum Qualifications**
+ Bachelor's degree or relevant work experience.
+ 15+ years of experience in enterprise-wide cybersecurity program governance, or an equivalent combination of education and work experience
+ 10+ years of experience leading and working within a collaborative, cross-functional, team-based environment
+ 5+ years of experience implementing NIST Cybersecurity Framework (CSF) and other industry standards.
+ 5+ years of experience in developing, implementing, and managing cybersecurity policies, procedures, and standards
**Preferred Qualifications**
+ Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or relevant certification
**Disclaimer**
The preceding description is not designed to be a complete list of all duties and responsibilities required of the position.
_As a public utility, NiSource is required to provide continuous service to customers at all times. To ensure we fulfill that obligation, employees may be required to work outside their normal work hours and perform tasks outside of their normal responsibilities in support of emergency operations._
**Work Authorization**
Authorized to work in the United States without requiring sponsorship.
**Workplace Connection**
Value inclusion within your day-to-day responsibilities by respecting others' perspectives/convictions, engaging others' opinions, creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.
Respect the unique lived experiences within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.
Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.
**Equal Employment Opportunity**
NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, sex (including pregnancy, lactation, childbirth or related medical conditions), genetic information, citizenship status, or any protected group status as defined by law. Each employee is expected to abide by this principle.
**By applying, you may be considered for other job opportunities.**
**Safety Statement**
Promote a safe work environment by actively participating in all aspects of our employee safety program. Report any unsafe conditions and take actions to prevent personal injuries. Support our interdependent safety culture by ensuring the safety of your co-workers. Stay focused on the task at hand and promote productivity through good work habits.
**Salary Range*:**
155,400.00 - 233,100.00
**_*The salary offered to a candidate is based on several factors including but not limited to the candidate's skills, job-related knowledge, and relevant experience, as well as internal pay equity._**
**Posting Start Date:**
2025-08-15
**Posting End Date (if applicable):**
2025-09-02
**Please note that the job posting will close on the day before the posting end date.**
At NiSource, you'll be part of the team serving nearly four million customers throughout the Midwest and Mid-Atlantic, who count on us to energize their homes and businesses. Whether speaking with customers by phone, analyzing financial data or installing new gas lines in a neighborhood, you'll meet exciting challenges each day and make the most of your skills and talents. And you'll be part of a company that was named by Forbes magazine as one of America's Best Large Employers.
We're looking for talent from all backgrounds. We invite candidates of all abilities to come as they are and do what they love. Through our years of successful growth, we've stayed true to our roots by making a difference in the lives of millions of our customers. If you're interested in joining an inclusive, innovative company that fosters opportunity for growth, NiSource might be the place for you.

Director Enterprise Security Governance

15317 Canonsburg, Pennsylvania NiSource

Posted 5 days ago

Job Description

**Director Enterprise Security Governance**
**Full Time Perm**
**Way of Work:** Hybrid
**Salary:** $155,400 - $233,100, plus equity and 25% annual bonus
**Location:** Columbus, OH or Merrillville, IN
**Relocation Assistance Provided**
The Director of Enterprise Security Governance supports the Chief Information Security Officer (CISO) and will focus on maintaining and maturing the enterprise-wide corporate security program commensurate with NiSource's risk tolerance. In this role you will be responsible for leading the development and implementation of a comprehensive cybersecurity risk management program. This role involves establishing a governance framework for managing cyber risk, integrating cyber risks into the enterprise risk management strategy, and providing regular reporting to executive leadership. The Director of Enterprise Security Governance will collaborate with various teams to ensure that cybersecurity risks are effectively managed within the context of broader business risks. Overall, in this role you will ensure the cybersecurity program is compliant and risk is being reduced. This leader must have proven experience in successfully implementing and maintaining a cybersecurity risk management program which includes vendor management.
Your responsibilities may include, but are not limited to:
+ Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities.
+ Lead the cybersecurity team in conducting risk assessments to identify, assess, prioritize, and mitigate potential security vulnerabilities and risks. Develop and implement structured processes to continuously monitor and manage threats to the company's assets.
+ Drive the development and maintenance of cybersecurity policies, standards, and procedures in alignment with national frameworks, best practices, and regulatory requirements (e.g., NIST, NERC, TSA Gas) so that comprehensive protection exists for a safe, secure, and resilient technology environment and information assets. Enforce compliance with relevant regulations and standards, including NERC, SOX, PCI DSS, and other federal and state regulations.
+ Receive assessment/audit findings, legal obligations, compliance, and regulatory requirements as input to policy development; manage remediation activities.
+ Assess and enhance the control environment by identifying gaps and recommending improvements.
+ Create a cybersecurity awareness culture, ensuring appropriate focus on cybersecurity initiatives, and providing executive leadership reporting to assist the CISO.
+ Stay current on the latest threats and security trends to proactively address potential risks.
+ Represent NiSource in, and contribute to, industry forums and regulatory engagements to enhance the cybersecurity related legal and regulatory environment.
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
**Minimum Qualifications**
+ Bachelor's degree or relevant work experience.
+ 15+ years of experience in enterprise-wide cybersecurity program governance, or an equivalent combination of education and work experience
+ 10+ years of experience leading and working within a collaborative, cross-functional, team-based environment
+ 5+ years of experience implementing NIST Cybersecurity Framework (CSF) and other industry standards.
+ 5+ years of experience in developing, implementing, and managing cybersecurity policies, procedures, and standards
**Preferred Qualifications**
+ Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or relevant certification
**Disclaimer**
The preceding description is not designed to be a complete list of all duties and responsibilities required of the position.
_As a public utility, NiSource is required to provide continuous service to customers at all times. To ensure we fulfill that obligation, employees may be required to work outside their normal work hours and perform tasks outside of their normal responsibilities in support of emergency operations._
**Work Authorization**
Authorized to work in the United States without requiring sponsorship.
**Workplace Connection**
Value inclusion within your day-to-day responsibilities by respecting others' perspectives/convictions, engaging others' opinions, and creating a safe environment where people, ideas, and opinions are valued within your Team/Customers and external partners.
Respect the unique lived experiences within your Team/Customers and external work partners by valuing different world views, challenges, and cultures that represent all walks of life and all backgrounds.
Treat others with respect and consideration. Actively participate in creating and contributing to a positive work environment.
**Equal Employment Opportunity**
NiSource is committed to providing equal employment opportunities in each of its companies to all employees and applicants for employment without regard to race, color, religion, national origin or ancestry, veteran status, disability, gender, age, marital status, sexual orientation, gender identity, sex (including pregnancy, lactation, childbirth or related medical conditions), genetic information, citizenship status, or any protected group status as defined by law. Each employee is expected to abide by this principle.
**By applying, you may be considered for other job opportunities.**
**Safety Statement**
Promote a safe work environment by actively participating in all aspects of our employee safety program. Report any unsafe conditions and take actions to prevent personal injuries. Support our interdependent safety culture by ensuring the safety of your co-workers. Stay focused on the task at hand and promote productivity through good work habits.
**Salary Range*:**
155,400.00 - 233,100.00
**_*The salary offered to a candidate is based on several factors including but not limited to the candidate's skills, job-related knowledge, and relevant experience, as well as internal pay equity._**
**Posting Start Date:**
2025-08-15
**Posting End Date (if applicable):**
2025-09-02
**Please note that the job posting will close on the day before the posting end date.**