EATON

IT Specialist - Cybersecurity Governance

EATON | $130K — $190K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree from an accredited institution.
  • 10+ years of experience in information security, IT risk, compliance, or governance.
  • 5+ years in a senior-level or lead role.
  • Proven track record in developing and managing IT/security policies in a regulated environment.
  • Experience managing compliance with multiple frameworks (e.g., SOC 2, HIPAA, CMMC).

Responsibilities

  • Overhaul and rewrite IT security and compliance policies to address gaps and inconsistencies.
  • Define and implement a comprehensive policy lifecycle management process.
  • Collaborate with stakeholders to ensure policies are realistic, measurable, and aligned with business needs.
  • Facilitate workshops and meetings to drive consensus and encourage policy adoption.
  • Ensure clear policy mapping to control frameworks for compliance and audit readiness.

Benefits

  • Health and Welfare benefits for employees and families.
  • Retirement benefits.
  • Programs offering paid and unpaid time away from work.
Full Job Description
Eaton's Corporate Sector division is currently seeking an IT Specialist - Cybersecurity Governance. The preference for this role is a hybrid work schedule out of Moon Township, PA; Beachwood, OH; Galesburg, MI; Menomonee Falls, WI; Houston, TX; or Raleigh, NC. However, we will consider candidates at any Eaton site within the US or remote. The expected annual salary range for this role is $130000 - $190000 a year.

Please note the salary information shown above is a general guideline only. Salaries are based upon candidate skills, experience, and qualifications, as well as market and business considerations.

What you'll do:

Job Summary
The primary focus of this role is to lead the innovation, modernization, development, and lifecycle management of enterprise IT and security policies, ensuring alignment with multiple regulatory and industry frameworks, as defined by the Office of the CISO. The role requires an experienced IT Governance, Risk, and Compliance (GRC) subject matter expert and passionate change leader who can collaborate across business and technical teams to establish policies that are realistic, enforceable, and audit-ready.

Job Responsibilities
This position will have responsibilities and accountabilities that will impact Eaton's cybersecurity for both internal/IT operations and customer-facing offerings, and will report to the Director of Cybersecurity Governance within the Office of the CISO. Key responsibilities, qualifications, and experience are as follows:

== Key Responsibilities ==

* Policy Development & Lifecycle Management
** Overhaul and rewrite the company's IT security and compliance policies to address gaps, inconsistencies, and outdated content.
** Define and implement a policy lifecycle management process, including drafting, review, approval, communication, periodic review, and retirement.
** Integrate and align policies and standards with established or identified frameworks, ensuring traceability to applicable compliance requirements (e.g., SOC2, SOX, PCI DSS, CMMC, NERC CIP, HIPAA, ISO/IEC 27001, NIST CSF, etc.).

* Collaboration & Stakeholder Engagement
** Partner with senior leaders, enterprise architects, control owners, and audit teams to develop policy language that is achievable, measurable, and aligned with business realities.
** Collaborate with architects, process owners, and subject matter experts to implement standards that meet policy requirements.
** Facilitate workshops, requirements elicitation sessions, and cross-functional reviews to build consensus and drive adoption.
** Act as a trusted advisor on emerging regulatory requirements, controls, and best practices.
** Partner with Risk, Compliance, Organizational Change Management, and Communications teams to foster cohesive governance policies and successful implementations of new or changed policy.

* Audit & Compliance Alignment
** Ensure policies are mapped to control frameworks and audit criteria, enabling demonstrable compliance during internal and external audits.
** Support evidence preparation and auditor discussions by ensuring policies are clear, consistently applied, and well-documented.

* Thought Leadership & Best Practices
** Independently research new topics and requirements and introduce these to the business in a manner that is relevant and understandable to varying stakeholders.
** Monitor regulatory, legal, and industry trends to ensure policies remain current.
** Champion best practices in Governance, Risk, and Compliance, including harmonizing policies with risk management and business continuity programs.
** Mentor and coach colleagues on effective policy writing and governance approaches.
** Lead continuous improvement and look for ways to leverage new capabilities such as AI and automation.
** Identify new or innovative ways to ensure awareness and acknowledgment of policies and standards.

Qualifications:

Basic Qualifications (Must Haves):
  • Bachelor's degree from an accredited institution.
  • A minimum of ten (10) years of progressive experience in information security, IT risk, compliance, or governance, with at least five (5) years in a senior-level or lead role.
  • Demonstrated success in developing, implementing, and maintaining IT/security policies and standards in a regulated enterprise environment.
  • Experience managing compliance with multiple frameworks (SOC 2, SOX, PCI DSS, CMMC, NERC, HIPAA, ISO 27001, NIST CSF, FedRAMP, etc.).
  • Experience as an external auditor with an auditing or consulting firm.
  • Must be authorized to work in the United States without company sponsorship now or in the future.

Preferred Qualifications:
  • Master's Degree
  • Security & Compliance Frameworks - Examples: SOC 2, SOX, PCI DSS, HIPAA, NERC CIP, CMMC, FedRAMP, ISO/IEC 27001, NIST CSF, and NIST SP 800-53.
  • Policy Development - Knowledge of effective policy architecture, version control, lifecycle management, and traceability to compliance requirements.
  • Risk & Control Mapping - Ability to align policies with control objectives across multiple frameworks, harmonizing overlapping requirements.
  • Audit Readiness - Familiarity with internal and external audit processes, evidence mapping, and remediation tracking.
  • IT Security Domains - Core understanding of access control, encryption, network security, incident response, vulnerability management, disaster recovery, and cloud security governance.
  • Regulatory Awareness - Up-to-date knowledge of evolving regulations impacting global enterprises (e.g., GDPR, U.S. state privacy laws, DORA, AI Act).
  • Tooling & Automation (preferred) - Experience with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust), audit management tools, and collaboration systems (e.g., Confluence, SharePoint, Teams).


Skills:

== Skills & Competencies ==

* Exceptional written communication skills, capable of translating technical concepts into policy language accessible to diverse stakeholders.
* Proven ability to lead through change, drive consensus, and gain buy-in across business and technical leadership.
* Strong facilitation and requirements elicitation skills.
* Familiarity with audit processes and ability to prepare organizations for successful external reviews.
* Strategic thinker with the ability to balance compliance obligations with business practicality.

Soft skills

Beyond technical expertise, this role demands a highly skilled communicator and change leader who can engage executives, technical teams, and auditors alike. The candidate must be able to translate complex requirements into accessible guidance, drive consensus in diverse stakeholder groups, and foster a culture of accountability and compliance across the organization.

* Strategic Communication - Exceptional written and verbal communication skills; ability to create policy documents that are clear, concise, and persuasive.
* Influence and Consensus-Building - Proven ability to engage with executives, process owners, and technical staff to gain buy-in and alignment.
* Leadership Through Change - Comfortable leading policy overhauls and compliance initiatives in environments with competing priorities and organizational resistance.
* Facilitation and Negotiation - Skilled at running workshops, eliciting requirements, and resolving conflicts constructively.
* Executive Presence - Ability to brief and advise senior leadership, boards, and audit committees with confidence and credibility.
* Analytical and Critical Thinking - Strong ability to assess risks, interpret complex regulations, and recommend pragmatic solutions.
* Collaboration and Teamwork - Adept at working cross-functionally with IT, legal, HR, and operations teams in a global enterprise context.
* Cultural Awareness - Sensitivity to diverse teams and regulatory environments across global regions.

The application window for this position is anticipated to close on 23-MAR-26.

We know that good benefit programs are important to employees and their families. Eaton provides various Health and Welfare benefits as well as Retirement benefits, and several programs that provide for paid and unpaid time away from work. For more detail, see the Eaton Benefits Overview. Please note that specific programs and options available to an employee may depend on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

About EATON

Eaton Corporation plc is a multinational power management company with 2020 sales of $17.9 billion, founded in the US. Eaton provides energy-efficient solutions that help customers effectively manage electrical, hydraulic, and mechanical power more efficiently, safely, and sustainably. Eaton operates through three main business segments: Electrical Products, Electrical Systems and Services, and Hydraulics. The Electrical Products segment designs, manufactures, markets, and sells electrical components, such as circuit breakers, switches, and electrical protection and control devices. The Electrical Systems and Services segment offers electrical power distribution and assemblies, as well as engineering services and automation and control solutions. The Hydraulics segment provides products such as pumps, motors, valves, cylinders, and filtration products. Eaton has a global presence with operations in North America, Europe, Asia, and other regions.
  • Size: 85,947 employees
  • Market Cap: $62.2 billion
  • Net Income: $1.4 billion
  • Founded: 2009
  • 5 Year Trend: -0.1%
  • Revenue: $17.8 billion
