The Clorox Company

Cybersecurity GRC Product Owner

Pleasanton, CA, US

Hybrid
Full-time/Part-time
$148.5k–$298.6k/year
3 days ago

Summary

Clorox is the place that's committed to growth - for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team. #CloroxIsThePlace

Your role at Clorox:

We are seeking an experienced leader to spearhead our enterprise Cybersecurity Governance, Risk, and Compliance (GRC) program. This role encompasses cyber risk management, governance, compliance, Third Party Vendor Risk Management, and Human Risk Management. As a leader, you will be accountable for identifying, evaluating, reporting, and managing information security risks to meet compliance and regulatory requirements, while building business confidence in our cybersecurity program. Success in this role requires proactive collaboration with cross-functional stakeholder teams across the enterprise to ensure alignment and application of practices that support business goals and meet defined policies and standards for information security.

As a strategic thinker, you will navigate the complex landscape of regulatory requirements, privacy concerns, and evolving security threats. You will define product roadmaps, prioritize features, and manage your product team to uphold the organization's cybersecurity standards and governance. Collaboration with key stakeholders across the organization is crucial to ensure the maintenance and continuous evolution of the GRC environment, ensuring sensitive data is appropriately managed and risk processes are aligned with our enterprise strategic objectives.

In this role, you will:

Governance

* Develop and maintain the security governance framework, policies, and procedures aligned with industry standards and best practices.
* Ensure that the organization adheres to established governance guidelines.
* Collaborate with the business, IT Infrastructure and Applications leaders to implement and enforce standards and control objectives throughout the organization.

Risk Management

* Identify, assess, and prioritize security risks related to assets, systems, and data.
* Define security improvements to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives.
* Implement risk mitigation strategies and controls to minimize exposure to threats and vulnerabilities.
* Conduct regular security risk assessments and provide recommendations for remediation actions.
* Evaluate and manage security risks associated with third-party vendors and service providers.
* Oversee audits, penetration tests, and forensic investigations, ensuring that findings are comprehensively understood and effectively remediated.

Compliance

* Establish and maintain an effective compliance framework aligned with applicable laws, regulations, and global industry standards.
* Ensure compliance with regulatory mandates and reporting requirements.
* Oversee internal and external audits, addressing findings and implementing corrective actions.
* Enforce standards of multiple security frameworks, including SOX, PCI, and Global Privacy regulations (e.g., CCPA, GDPR).

Training and Awareness

* Drive strategy for the Human Risk Management Program.
* Lead educational initiatives to promote a culture of risk awareness and compliance among employees and third parties.
* Address the unique threats and risks specific to the organization's business and technological environment.

Stakeholder Engagement

* Collaborate with executive leadership and internal stakeholders to align security initiatives with business objectives.
* Serve as the main liaison for business units and functions, ensuring cybersecurity risks are effectively identified, assessed, and managed.
* Engage with external stakeholders, including regulators, partners, and vendors, on GRC matters.

Leadership and Management

* Build and nurture a high-performing team, fostering professional growth and ensuring the team is equipped to meet organizational goals.
* Develop and maintain a comprehensive cybersecurity architecture and roadmap in alignment with GRC/Privacy organizational standards.
* Keep abreast of the latest cybersecurity trends, threat landscapes, and technologies, recommending and implementing appropriate strategies and solutions.
* Foster a culture of continuous improvement and innovation within the product team, constantly seeking opportunities for enhancement and optimization.
* Define the overall product roadmap and collaborate with teams to develop and execute a backlog that aligns with group priorities.

What we look for:

* 10 plus years of experience as a product owner or in a similar role within Cybersecurity GRC and Privacy.
* Relevant industry certifications such as CISSP, CISA, CISM, or CRISC are preferred.
* Experience with IT GRC tools (e.g., ServiceNow IRM, OneTrust) and developing successful risk management programs.
* Knowledge of security and privacy frameworks and regulations, including ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, and GDPR.
* Advanced understanding of information security concepts, including cloud security, compliance, access controls, and disaster recovery.
* Proven ability to coordinate cross-functional teams and stakeholders globally to achieve operational goals and deliver technology initiatives.
* Track record of mentoring and managing teams of experienced technologists, setting clear priorities to achieve organizational goals.
* Hands-on experience in software development with a focus on cybersecurity outcomes and leadership in information security and risk management.
* Strategic planning and roadmap development skills to implement strategic plans and manage product roadmaps.
* Strong communication and leadership abilities to guide and inspire teams, along with expertise in risk management, privacy, data security, and incident response.

Workplace type: Hybrid - 3 Days in Office, 2 Days WFH

We seek out and celebrate diverse backgrounds and experiences. We're looking for fresh perspectives, a desire to bring your best, and a non-stop drive to keep growing and learning.

At Clorox, we have a Culture of Inclusion. We believe our values-based culture connects to our purpose and helps our people be the best versions of themselves, professionally and personally. This means building a workplace where every person can feel respected, valued, and fully able to participate in our Clorox community. Learn more about our I&D program & initiatives here.

[U.S.] Additional Information:

At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates' unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.

We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges. We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance. Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location. The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.

* Zone A: $148,500 - $298,600
* Zone B: $136,200 - $273,700
* Zone C: $123,800 - $248,800

All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process. This job is also eligible for participation in Clorox's incentive plans, subject to the terms of the applicable plan documents and policies.

Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.

To all recruitment agencies: Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team. Clorox is not responsible for any fees related to unsolicited resumes.
