Manager – IT Security Governance, Risk & Compliance

Information Technology
Requisition #: 062392

At Koch Industries, we offer opportunities for career growth at one of the largest, most financially stable companies in the world, responsibilities and rewards based on contributions, and competitive pay and benefits. Koch companies employ more than 120,000 people across 60 countries, and include companies such as Georgia-Pacific, Molex, INVISTA, Guardian Industries, and Flint Hills Resources.

A Day In The Life Typically Includes:

The Information Security Manager will report to the company's Chief Information Security Officer (CISO) and be responsible for designing, developing and implementing a comprehensive enterprise Governance, Risk & Compliance (GRC) capability. This role will coordinate security activities with Georgia-Pacific’s (GP) operating units and third-party infrastructure providers in a complex multi-business, multi-platform IT environment. The candidate will create and maintain security frameworks, governance, risk & compliance, policies, security metrics, dashboards, audit & assurance activities, security awareness and overall risk assessment processes.


The ideal candidate will be highly skilled in cyber security GRC and have a strong passion to work in a collaborative team environment to take security to the next level. The candidate will be a self-motivated, innovative strategic thinker with experience in implementing security frameworks and leading a GRC team in a federated organizational structure.


Key Responsibilities:


  • Lead the GRC security function and develop & manage a team of security professionals
  • Research and implement standard industry security frameworks and best practices (ISO/NIST)

  • Create meaningful security metrics to communicate security posture and risks to leadership

  • Develop and maintain security policies, standards, and procedures

  • Develop an ongoing security assurance program to audit, monitor and verify the effectiveness of security; analyze data, develop trend analysis and ensure compliance to existing standards, policies, and procedures

  • Monitor regulatory compliance as required (CFATS, MTSA, GDPR, PCI)

  • Manage third party risk assessment process and respond to external customer security inquiries

  • Oversee detailed incident response procedures that ensure integration with Legal, GP IT and Koch shared services organizations

  • Manage and implement strategic security projects and initiatives as required

Knowledge, Skills & Abilities:

  • Leadership, strategic thinking, ability to set a vision and lead a team of security professionals
  • Knowledge in GRC design and implementation of detailed security procedures
  • Ability to communicate clearly, concisely, and confidently (oral, written, presentation)
  • Superior interpersonal and consultative skills with ability to manage and influence others
  • Effective in operating in a federated environment using internal Koch shared services teams
  • Experience in a Microsoft centric infrastructure and clear understanding of modern security tools, authentication methods and cloud security capabilities
  • Strong knowledge in implementing and operating various security frameworks such as ISO 27001, NIST 800-53, NIST Cybersecurity Framework, COBIT, or similar
  • Highly motivated and self-directed with strong organizational and project management skills.
  • Strong experience in assessing and implementing GRC toolsets

What You Will Need:

Basic Qualifications:
  • Bachelor’s degree, or equivalent work experience in the cyber security field
  • At least 5 years of “hands on” experience developing, managing, implementing and supporting information security GRC programs & toolsets
  • At least 5 years of experience in managing cyber security teams in regulated environments
  • In depth knowledge in at least two of the following: regulatory requirements, ISO27001 and ISO27002, NIST 800-53, HITRUST/NIST CSF (other regulatory experience may be considered)

What Will Put You Ahead?

Preferred Qualifications:
  • Bachelor’s degree in Security or Computer Science
  • Industry security certifications, such as Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or Global Information Assurance Certification (GIAC).


Salary and benefits commensurate with experience.
We are an equal opportunity employer. Minority/Female/Disabled/Veteran
Except where prohibited by state law, all offers of employment are conditioned upon successfully passing a drug test.

This employer uses E-Verify. Please visit the following website for additional information:
