Cybersecurity GRC Manager
Pittsburgh, PA, US, 15222
Excelitas is a global technology leader with more than 7,500 employees, focused on delivering market-driven solutions to fulfill the illumination, optical, detection and imaging needs of OEMs and end-users across the biomedical, semiconductor, industrial, consumer products, scientific, security, defense and aerospace sectors.
ENGAGE with us today and make your contribution to the future! Join the team that leading technology companies turn to for cutting-edge photonic innovation. At Excelitas Technologies you are how we EXCEL.
We are presently seeking a Cybersecurity GRC Manager who will work out of our corporate headquarters in Pittsburgh, PA, and who is committed to ensuring overall business success and sound corporate governance. In addition to a vast portfolio of high-performance photonic products and technologies, Excelitas offers single-source convenience and reliability for integrated end-to-end photonic solutions, from light source to sensor and everything in between. We excel at delivering innovative and customized components, sub-assemblies and fully integrated photonic systems to meet the unique illumination, optronic, sensing and optical technology needs of global OEM customers.
Governance & Policy Development
- Develop, maintain, and govern information security policies, standards, and procedures, ensuring alignment with regulatory, contractual, and customer requirements;
- Ensure policies and related documentation are clear, practical, enforceable, and reviewed on a defined, documented cadence;
- Translate external regulatory, contractual, and customer security requirements into internal control expectations and actionable guidance;
- Monitor changes in regulatory requirements and industry frameworks, assessing organizational impact and driving updates to policies and controls as needed;
- Manage the policy exception and waiver process, ensuring risk assessment, appropriate approval, time-bound tracking, and resolution;
Compliance & Regulatory Assurance
- Support and manage compliance with CMMC Level 2, SOX, and other regulatory or customer-driven security requirements;
- Develop and maintain CMMC program documentation, including system boundaries, data flows, interconnections, and control implementations;
- Maintain the organization's Supplier Performance Risk System (SPRS) score in coordination with Cybersecurity, Infrastructure, and control owners, ensuring it reflects the current NIST SP 800-171 self-assessment posture;
- Support SOX IT General Controls (ITGCs), including access reviews, change management, and IT operations controls;
- Manage remediation activities across audit findings, control gaps, and POA&Ms, ensuring clear ownership, validated closure evidence, and timely resolution;
- Serve as the primary point of contact for internal and external audits, coordinating walkthroughs, evidence collection, control testing, and ensuring timely, high-quality responses;
IT Security Risk Management
- Conduct IT security risk assessments, documenting risks, impacts, likelihood, and mitigation plans;
- Maintain the enterprise IT security risk register and track risks through remediation or formal risk acceptance;
- Provide risk-based guidance to stakeholders on control design, security architecture decisions, and risk acceptance;
- Develop and maintain GRC dashboards, metrics, and reporting to provide visibility into risk posture, control effectiveness, and program health;
- Prepare and deliver risk briefings and GRC program updates to senior leadership, ensuring informed decision-making and documented risk acceptance;
- Support and mature the Third-Party Risk Management (TPRM) program, including risk assessments and ongoing monitoring;
- Support the development and delivery of security awareness and compliance training programs aligned with organizational and regulatory requirements;
- Identify opportunities for process improvement and automation within GRC workflows, including evaluation and implementation of GRC tooling;
GRC Team Management
- Manage day-to-day activities of GRC analysts;
- Conduct performance reviews and annual goal setting;
- Drive team development, capability building, and professional growth;
Requirements:
- 5+ years of progressive experience in IT Security Governance, Risk & Compliance (GRC) or related disciplines;
- Strong working knowledge of CMMC and NIST SP 800-171 requirements, SOX IT General Controls (ITGCs), Third-Party Risk Management (TPRM), and IT security risk management frameworks;
- Demonstrated ability to develop and maintain security policies, procedures, and standards that are clear, enforceable, and audit-ready;
- Hands-on experience supporting internal and external audits, including evidence preparation, walkthrough facilitation, and remediation of findings;
- Strong analytical, organizational, documentation, and communication skills;
- Proven ability to manage multiple concurrent workstreams and drive activities to timely completion with minimal supervision;
- U.S. Person status as defined under ITAR (22 CFR §120.62), required due to access to export-controlled information and Controlled Unclassified Information (CUI);
Preferred Qualifications:
- Experience in regulated environments such as a public company, defense, aerospace, manufacturing, or other highly regulated industries;
- Familiarity with frameworks such as NIST SP 800-171, NIST SP 800-53, ISO/IEC 27001/27002, NIST CSF, COSO, COBIT;
- Experience with GRC tools (e.g., AuditBoard/Optro, Archer, ZenGRC, or similar);
- Working knowledge of safeguarding CUI and export control requirements (ITAR, EAR, DFARS 252.204-7012);
- Experience with cloud security compliance in Microsoft 365 / Azure environments, including GCC-High;
- Experience developing or maintaining System Security Plans (SSPs) and POA&Ms;
- Professional certifications such as CISA, CISM, CRISC, CISSP, RP, CCP.
Please Note:
- This position requires the use of information which is subject to the International Traffic in Arms Regulations (ITAR)
- No relocation offered for this position
- Must be a U.S. Person; no visa sponsorship is offered for this position
- Equal Opportunity/Affirmative Action Employer
- Equal opportunity employer; Minorities/Females/Disability/Gender Identity/Sexual Orientation
- Excelitas is seeking leaders and innovators to join our global team! Visit: www.excelitas.com/join-our-team