IT Program Manager - Cyber Compliance. The expected annual salary range for this role is $130000 - $190000 a year. This role can sit out of one of the following locations: Beachwood OH, Galesburg MI, Houston TX, Menomonee Falls WI, Moon Township PA, or Raleigh NC.
What you'll do:
Position Overview:
The Program Manager - IT Cyber Compliance orchestrates and delivers Eaton's multi-framework cybersecurity compliance program end to end, translating the CISO's compliance vision into an executable, measurable plan. The role is the driving force behind Eaton's pivot from reactive, event- and audit-driven activity to a continuous, assurance-based compliance capability - treating certifications as a strategic capability rather than a one-time event.
This is a delivery-accountable program management role with deep compliance expertise. The Program Manager runs the full program lifecycle - scope, schedule, budget, risk, dependencies, and outcomes - across concurrent certification and assessment workstreams spanning CMMC 2.0, SOC 2, ISO 27001, Cyber Essentials Plus (CE+). Success is the consistent, predictable achievement and sustainment of compliance assurance that protects revenue, contract eligibility, and customer preference with Eaton's largest customers and regulators.
The role is a key contributor to Eaton's "Test-Once / Apply-Many" evidence model, enabling reusable assurance across multiple regulatory and customer frameworks, directly supporting the Eaton CISO's Strategy.
Key Responsibilities:
Compliance Program Leadership & Delivery
• Own end-to-end delivery of Eaton's Cyber Compliance Transformation Program, meeting defined objectives, timelines, scope, budget, and business outcomes across all in-scope frameworks, control and sites.
• Translate the CISO's compliance strategy into an integrated program plan, roadmap, and roles-and-responsibilities matrix; maintain the program charter as the authoritative governing artifact.
• Operate a single program intake so framework demands are prioritized, sequenced, and paced through one coordinated model rather than competing efforts.
Framework-Specific Compliance Expertise
• CMMC 2.0 (critical path): lead Level 2 readiness across in-scope environments - self-assessment, POA&M remediation, CUI protection, C3PAO assessment scheduling and execution - aligned to NIST SP 800-171 and US Department of Defense / Department of War contract requirements.
• SOC 2: manage readiness and examination cycles against the Trust Services Criteria, coordinating control evidence and auditor engagement for shared services and customer-facing environments.
• ISO 27001: sustain ISMS certification and surveillance/re-assessment cycles across certified sites, including mandatory documentation, internal audits, and external (e.g., BSI) assessments.
• Cyber Essentials & CE+: drive certification and vulnerability-remediation readiness required for UK MOD and BAE contractual obligations, coordinating with assessors (e.g., URM / IASME) and site owners.
• TISAX & sector regulations: maintain TISAX and adjacent regulatory obligations (e.g., EASA Part-IS for aerospace sites), mapping shared controls to reduce duplicate effort.
Unified Control & Continuous Assurance
• Advance the Unified Control Framework and "Test-Once / Apply-Many" evidence model so a single control set and reusable evidence satisfy many frameworks.
• Shift the program from point-in-time audits to continuous control testing and monitoring, ensuring controls operate effectively and assurance can be demonstrated at any time.
• Partner with Internal Audit to define what "great" looks like, validate control testing models, and reduce exceptions through standardized remediation and tracking.
Stakeholder, Risk, Dependency & Financial Management
• Serve as the face of the program - owning the plan, risks, executive presentations, and escalations - and the senior point of coordination with control owners, regional security leads, IT, legal, and business stakeholders.
• Proactively identify, mitigate, and resolve risks, issues, and cross-framework dependencies to protect delivery timelines, using a CISO-level escalation path where needed.
• Actively manage budgets, forecasts, and resources to optimize delivery efficiency and program value.
Key Responsibilities:
Audit Readiness & Assessment Execution
• Lead assessment-ready posture - compliance preparation playbooks, mock assessments, and standardized audit responses - and sequence concurrent certifications through a roadmap-based plan.
• Oversee the quality, traceability, and reuse of compliance evidence in Eaton's systems of record, and coordinate post-assessment issue tracking and remediation validation.
Governance, Reporting & Program Performance
• Deliver decision-ready visibility into program health through status reporting, OKRs/KPIs/KRIs, leadership presentations, and steering-committee facilitation, with timely minutes, actions, and follow-ups.
• Apply disciplined program governance and methodology to keep multi-workstream delivery on track and decision-making timely.
Innovation, Automation & AI Enablement
• Champion scaling compliance through automation and AI - improving evidence quality and reuse, accelerating customer and regulatory questionnaire responses, and surfacing trends, gaps, and emerging risks.
• Pilot and embed continuous control monitoring and GRC tooling that reduces manual effort while improving predictability and quality, alongside the risk enablement team.
Continuous Improvement & Maturity Advancement
• Advance Eaton's Compliance Maturity Model from Reactive Proactive Optimized, applying lessons learned to streamline processes and strengthen integration across risk, controls, and compliance.
Qualifications:
Required Qualifications:
• Bachelor's degree from an accredited institution in Information Security, Risk Management, Information Technology, Business Administration, or a related field (or equivalent experience).
• 10+ years of experience in program/project management, with significant time leading cybersecurity compliance, GRC, audit, or assurance programs.
• Strong working knowledge of cybersecurity compliance frameworks - CMMC 2.0 / NIST SP 800-171, ISO 27001, SOC 2, Cyber Essentials / CE+, and TISAX.
• Proven ability to deliver large, multi-workstream programs end to end - scope, schedule, budget, risk, and dependencies - and meet delivery commitments.
• Strong leadership, analytical, problem-solving, documentation, and stakeholder-management skills.
• Excellent communication and presentation skills, including executive and steering-committee engagement.
• Ability to operate effectively and independently in a global, matrixed organization.
• This position requires access to export-controlled information. To conform to U.S. Government export regulations applicable to that information, applicant must be a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (green card holder), (iii) refugee under 8 U.S.C. 1157, or (iv) asylee under 8 U.S.C. 1158
• No relocation is offered for this position. All candidates must currently reside within 50 miles of Beachwood, OH: Moon Township, PA: Galesburg MI: Houston TX: Menomonee Falls WI: or Raleigh NC.
Preferred Qualifications:
• Program/project management certification - PMP, PgMP, Scrum Master, or Product Owner.
• Compliance/security certifications - e.g., CMMC Registered Practitioner (RP) / Certified Professional (CCP), CISA, CISM, or ISO 27001 Lead Implementer / Lead Auditor.
• Experience with unified control frameworks and "Test-Once / Apply-Many" assurance models.
• Familiarity with continuous control monitoring, GRC automation platforms, and AI-enabled compliance, audit, or risk tooling.
• Experience partnering closely with Internal Audit and enterprise risk teams.
• Experience in regulated or defense/aerospace environments (e.g., US DoD/DoW, UK MOD, EASA, C3PAO assessments, CUI/ITAR).
Additional Informtion:
Strategic Alignment:
• Achieving and sustaining assurance of compliance across CMMC 2.0, SOC 2, ISO 27001, CE+, and TISAX
• Protecting revenue, contract eligibility, and customer preference
• Reducing evidence duplication and exceptions through unified controls and continuous testing
• Delivering predictable, high-quality, assessment-ready compliance outcomes
• Embedding innovation and AI into compliance operations
Success is measured by readiness, reuse, reduced exceptions, fewer repeat findings, and sustained assurance.
Why This Role Matters at Eaton
The Compliance Program Manager is the execution engine of Eaton's compliance transformation. By bringing disciplined program management to deep, framework-specific expertise, this role turns fragmented, reactive certification efforts into a trusted, optimized, and business-enabling capability - protecting revenue and contract eligibility, strengthening customer and regulator confidence, and ensuring compliance is sustained, evidenced, and resilient at scale.
All positions may require participation in video and in-person interviews as part of the hiring process. All candidates will be evaluated based on job-related competencies, and all candidates' privacy rights and data security will be protected in accordance with applicable laws.
We know that good benefit programs are important to employees and their families. Eaton provides various Health and Welfare benefits as well as Retirement benefits, and several programs that provide for paid and unpaid time away from work. Click here for more detail: Eaton Benefits Overview. Please note that specific programs and options available to an employee may depend on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.