Clorox is the place that’s committed to growth – for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team. #CloroxIsThePlace

Your role at Clorox:

We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Lead. This position reports to the Cyber GRC, Privacy, Data Security, and Application Security Product Owner. The mission of this position is to support and improve the company’s cybersecurity program, focusing on driving improvements in cyber risk management related to sensitive data, systems, third party vendors, and cloud environments (at a minimum).

In this role, this individual work with cross functional business units as a trusted security advisor to address cyber risks, ensure compliance with security policies and standards, relevant regulatory requirements, and cybersecurity controls while advising the business and technology leaders ensure informed risk management decisions are made. This individual must understand cyber risks, technologies and effectively communicate them to the business.

The ideal candidate is deadline-driven, detailed oriented, an excellent communicator, with in-depth knowledge of cybersecurity industry and cyber risk management best-practices and has a track record of effectively communicating complex and/or technical information both written and verbally.

In this role, you will:

• Assess cyber risks related to vendors, systems and services associated with technology and operational projects.

• Evaluate AI‑enabled services offered by critical vendors for model security, training data governance, and exposure to model manipulation attacks.

• Ensure cloud AI services align with NIST, ISO, SOC2, and privacy frameworks already referenced in the role (NIST, ISO, SOC, GDPR, CCPA).

• Support day-to-day operations by identifying potential areas of cybersecurity compliance risks and ensuring appropriate escalation and coordination of effective corrective actions.

• Collaborate with various technical and non-technical teams to evaluate the effectiveness of security controls, identify and categorize risks, provide improvement recommendations, and communicate outcomes of those activities.

• Assist in process improvement initiatives and the development/implementation of team metrics

• Educate teams across the organization on cyber risk and governance methodologies for maintaining a secure enterprise and meeting regulatory compliance requirements.

• Facilitate the development of security policies and standards. Collaborate with internal subject matter experts to ensure policies,

• Lead the interactions with Internal Audit, manage relevant regulatory requirements, assist in the development of management responses, track, and monitor remediation progress till closure.

• Challenge the first line of defense, validate the required assessments and attestations (PCI, SOX, GDPR, CCPA) report on compliance internally, and provide guidance on compliance as necessary.

• Provide oversight of identifying, classifying, remediating, and mitigating vulnerabilities and the policy exception request process.

• Communicate emerging issues, potential risks, and audit results to key stakeholders, assist in the review, and formulate responses to issues and findings from all sources.

• Develop metrics and reports that provide management visibility into the current cyber risk and compliance posture and trends.

• Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with security policies and best practices.

• Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure, and applications.

• Build relationships with senior leaders to accelerate the adoption of compliance and security initiatives.

What we look for:

• 6 plus years of using risk assessment methods and procedures
• 6 plus years of tracking, monitoring, and reporting risk
• 6 plus years of governance risk & compliance experience
• Cybersecurity risk management function including third party cyber risk
• Cybersecurity controls management
• Controls testing and automation
• Governance risk and compliance management
• Experience with Cybersecurity Risk Frameworks (NIST CSF/RMF, ISO 27001/27002, SOC (1,2,3), and Global Privacy regulations (e.g., CCRP, GDPR etc)
• Experience with AI/ML risk management frameworks (e.g., NIST AI RMF, ISO/IEC 42001).
• Understanding of AI‑specific threat vectors (model poisoning, prompt injection, data leakage via LLMs).
• Familiarity with evaluating AI vendors for responsible AI, privacy, and security posture.
• Experience in drafting security policies and standards
• Experience in using/supporting ServiceNow Integrated Risk Management module (or related GRC platform
• Cyber risk certifications (CISA, CISM, CRISC, CISSP) are a plus

#LI-HYBRID

Workplace type:

Hybrid- 3 Days in Office; 2 Days WFH

Our values-based culture connects to our purpose and empowers people to be their best, professionally and personally. We serve a diverse consumer base which is why we believe teams that reflect our consumers bring fresh perspectives, drive innovation, and help us stay attuned to the world around us. That’s why we foster an inclusive culture where every person can feel respected, valued, and fully able to participate, and ultimately able to thrive. Learn more.

[U.S.]Additional Information:

At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.

We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges. We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance. Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location. The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.

–Zone A: $106,700 - $204,900

–Zone B: $97,800 - $187,900

–Zone C: $88,900 - $170,800

All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process.

This job is also eligible for participation in Clorox’s incentive plans, subject to the terms of the applicable plan documents and policies.

Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.

To all recruitment agencies: Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team. Clorox is not responsible for any fees related to unsolicited resumes.