Emerson logo

Cybersecurity Governance, Risk, and Compliance Lead

Emerson
Full-time
On-site
Shakopee, Minnesota, United States
$110,000 - $125,000 USD yearly
Description

The Cybersecurity GRC Lead plays a central role in strengthening the security of Emerson’s Industrial IoT portfolio within the Cross Portfolio Technology & Innovation (CPTI) group. In this position, you will guide governance, risk, and compliance efforts across technologies such as wireless sensing, wireless communication, networking, web development, and industrial hardware designed for cloud and on‑premises environments. You’ll help ensure our products meet established security, regulatory, and industry standards while supporting solutions that deliver critical measurements—like pressure, temperature, flow, and level—to customers in industries including oil & gas, petroleum, and pharmaceuticals.

This role offers a unique opportunity to shape the cybersecurity GRC efforts in a rapidly evolving IIoT landscape. It's ideal for individuals seeking to specialize in cybersecurity governance, risk, and compliance within a dynamic industry.

In This Role, Your Responsibilities Will Be:
  • Governance and Policy Development: Developing and maintaining cybersecurity policies, procedures, and standards. Ensuring alignment with industry best practices and regulatory requirements.
  • Risk Management: Identifying, evaluating, and prioritizing risks associated with product development and deployment. Developing strategies to mitigate these risks.
  • Compliance Assurance: Ensuring that products and processes comply with relevant cybersecurity regulations and standards such as IEC, ISO, NIST, and GDPR. Conducting regular compliance audits and assessments.
  • Cross-functional Collaboration: Working closely with product engineers, legal, and other departments to integrate GRC best practices into product development and company processes.
  • Customer Security Assurance: Manage customer security questionnaires and audits to ensure accurate representation of the organization’s cybersecurity posture and compliance with industry standards.
  • Training and Awareness: Developing and conducting cybersecurity training and awareness programs for employees.
  • Incident Response and Reporting: Assisting in the development and maintenance of incident response plans. Ensuring timely reporting and compliance with legal and regulatory requirements in the event of a security breach.
  • Contract Negotiation: Assist in negotiation of security or privacy contract terms
  • Vendor and Third-party Risk Management: Assessing and managing the cybersecurity risks associated with third-party vendors and partners.
     
Who You Are:
You are a high performing individual contributor with a passion for cybersecurity. You enjoy learning the nuances of new technology and understand how they need to be governed. You like getting exposure to a wide range of technologies and are willing to research when new skills are needed or required.
 
For This Role, You Will Need:
  • Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field 
  • Minimum of four (4) or more years of experience in cybersecurity
  • Familiarity with cybersecurity frameworks, standards, and regulations.
  • Legal authorization to work in the United States
 
Preferred Qualifications That Set You Apart:
  • J.D. or LL.M. credential
  • Minimum of eight (8) or more years of relevant industry experience, including cybersecurity legal experience and experience in cybersecurity GRC roles
  • Strong understanding of cybersecurity principles and best practices, including knowledge of relevant industry specifications, standards, and frameworks such as IEC, ISO, NIST, and GDPR
  • Experience in threat modeling, risk assessment, and vulnerability testing
  • Experience in developing and conducting cybersecurity training programs and strong communication skills for effective policy development and stakeholder engagement
  • Experience with embedded design engineering or working with embedded engineering teams
  • Understanding of network infrastructure design and deployment

  • Desirable security certifications: CISM, CISSP, CISA, CRISC


     

Our Culture & Commitment to You:

At Emerson, we prioritize a workplace where every employee is valued, respected, and empowered to grow. We foster an environment that encourages innovation, collaboration, and diverse perspectives—because we know that great ideas come from great teams. Our commitment to ongoing career development and growing an inclusive culture ensures you have the support to thrive. Whether through mentorship, training, or leadership opportunities, we invest in your success so you can make a lasting impact. We believe diverse teams, working together are key to driving growth and delivering business results. ​

We recognize the importance of employee wellbeing. We prioritize providing flexible, competitive benefits plans to meet you and your family’s physical, mental, financial, and social needs. We provide a variety of medical insurance plans, with dental and vision coverage, Employee Assistance Program, 401(k), tuition reimbursement, employee resource groups, recognition, and much more. Our culture offers flexible time off plans, including paid parental leave (maternal and paternal), vacation and holiday leave.​

Learn more about our Culture & Values. ​

Our compensation philosophy is simple: we pay a competitive base salary, within the local market in which we operate, and reward performance during our annual merit review process. The salary range for this role is $110,000-$125,000 annually, commensurate with the skills, talent, capabilities, and experience each candidate brings to a role.​

 

LI-AK1