Programmer Lead - Governance Risk & Compliance (GRC)
Vernon, California
Interview Process: 2-3 Zoom video interviews
May require onsite interview in Vernon, CA
Role Overview
Forgent is seeking a hands-on Program Lead for Governance, Risk & Compliance (GRC) to build, lead, and mature the enterprise GRC program. This role is accountable for ISO/IEC 27001 certification readiness and maintenance, as well as SOX IT compliance across IT general controls, application controls, and operational technology (OT) in a manufacturing environment.
The Program Lead will work cross-functionally with IT, Finance, Internal Audit, Legal, and Plant Operations, while managing internal teams and external vendors to ensure continuous compliance across a global footprint.
Must-Have Requirements
Active LinkedIn profile with photo
10-15+ years of progressive experience in IT Audit, IT Controls, or Enterprise Risk
5+ years leading GRC programs in public companies
End-to-end ISO/IEC 27001 implementation experience (ISMS design through certification)
Strong SOX 404 ITGC ownership experience, including scoping, control design, testing, and remediation
Experience supporting ERP environments such as SAP or Oracle
Mandatory Certification: ISO/IEC 27001 Lead Implementer and/or Lead Auditor
Key Responsibilities
Governance & Program Leadership
Establish and mature an enterprise GRC program aligned with ISO 27001, SOX, NIST CSF, and CIS Controls
Own the full ISMS lifecycle, including risk assessments, Statement of Applicability, internal audits, and certification readiness
Define and maintain information security policies, standards, and procedures
Lead governance forums such as Risk & Compliance Committees and CAB meetings
Risk Management
Implement enterprise risk management for information and technology risks
Build and manage third-party/vendor risk management (TPRM) programs
Integrate OT and manufacturing risks (ICS/SCADA, IIoT) into the enterprise risk register
Compliance: ISO 27001 & SOX
Lead ISO 27001 certification efforts, audits, and surveillance activities
Own SOX ITGCs and application controls, including documentation, testing, and remediation
Align IAM, change management, and IT operations to SOX and ISO standards
Partner with Finance on financial reporting and compliance risks
Audit & Assurance
Execute internal audits and coordinate external audits (ISO, SOX, PCI)
Build defensible control evidence repositories
Maintain control libraries and framework mappings
Tooling, Automation & Metrics
Implement and manage GRC platforms (ServiceNow GRC, Archer, Drata, Vanta, OneTrust)
Enable continuous control monitoring and analytics
Develop KPIs/KRIs and executive-level dashboards
Leadership & Vendor Management
Lead distributed teams and external consulting partners
Manage SOWs, budgets, SLAs, and vendor performance
Drive a culture of accountability and continuous improvement
Training, Incident Response & Resilience
Oversee compliance training and awareness programs
Ensure incident response, BCP/DR governance, and audit readiness
Partner with Legal and Privacy teams on regulatory and data protection matters
Qualifications
Education
Bachelor's degree in Information Systems, Computer Science, Engineering, Accounting/Finance, or related field
Advanced degree (MBA, MS) is a plus
Certifications (Preferred)
ISO/IEC 27001 Lead Implementer or Lead Auditor (Mandatory)
CISA
CISM, CISSP
CRISC, CGEIT
ITIL Foundation
Skills & Competencies
Hands-on control design and audit evidence creation
Strong understanding of IAM, CMDB, SIEM/SOAR, and vulnerability management
Risk quantification and pragmatic prioritization
Executive-level communication and board reporting
Ability to balance compliance rigor with manufacturing agility