it's what's inside that counts
_______________________________
There’s more to CMC than our products and the buildings, structures, and roads they go into. At CMC, it’s the people inside our recycling centers, fabrication plants, manufacturing facilities, steel mills and offices that make us who we are as a company. Our success comes from finding, retaining, and supporting the highest quality talent by offering:
- Day 1 Benefits Coverage with low cost Medical, Vision, Dental
- Day 1 Paid-time Off and Vacation
- 4.5% Company Match 401(k) plan
- $500 Annual Company-paid Lifestyle Benefit
- Competitive Compensation and Bonuses
- Company-paid Life and Disability Insurance
- Employee Stock Purchase Plan
- Training and Advancement Opportunities

Why This Job

CMC is a leading manufacturer committed to excellence and innovation. We prioritize safeguarding our digital assets and ensuring the highest standards of IT security governance. As part of our ongoing commitment to maintaining a secure digital environment, we are seeking a talented individual to join our team as IT Security Manager - GRC.
The Manager of IT Security Governance, Risk and Compliance will play a crucial role in developing, implementing, and maintaining robust IT security governance frameworks and practices within our organization. This position requires a deep understanding of IT security principles, regulations, and best practices, as well as strong analytical and communication skills to effectively collaborate with various stakeholders, including Internal/External Auditors and IT Product leads. This role requires extensive experience in internal audits, SOX auditing, NIST CSF 2.0, SOC 2 report review, controls design, third-party vendor reviews, and GRC tools.
CMC provides an excellent opportunity to learn the steel, construction reinforcement and ground stabilization industries and to grow in your career. Whether you will spend your day brainstorming in an office cubicle, operating a crane, running manufacturing equipment or troubleshooting technical obstacles, at CMC, you’ll get the training and support from your team that you need to excel in your role and reach your full potential.
What You'll Do

- Internal Audits: Conduct and oversee internal IT security audits to ensure compliance with organizational policies and regulatory requirements
- SOX Auditing: Manage and execute SOX (Sarbanes-Oxley) compliance audits, ensuring adherence to financial and IT controls. Act as IT interface and coordinator to Internal and External Auditors
- NIST CSF 2.0: Implement and maintain the NIST Cybersecurity Framework (CSF) 2.0 to enhance the organization’s security posture
- SOC 2 Report Review: Review and assess SOC 2 reports to ensure third-party service providers meet security and compliance standards
- Controls Design: Design, implement, and monitor security controls to protect sensitive information and systems
- Third-Party Vendor Reviews: Conduct thorough security assessments of third-party vendors to mitigate risks associated with external partnerships
- GRC Tools: Utilize GRC tools to streamline and automate governance, risk management, and compliance processes
- Team Collaboration: Work closely with cross-functional teams, including IT, legal, finance, and operations, to ensure cohesive and comprehensive security strategies. Foster a collaborative environment to share knowledge, best practices, and support team members in achieving common goals
- Provide guidance and support to IT teams in implementing security controls and mitigating risks in their respective areas
- Monitor and report on compliance with IT security policies, standards, and regulations to senior management and relevant stakeholders
- Foster a culture of security awareness and compliance across the organization through training, awareness programs, and regular communication

What You'll Need

- Minimum of 5 years of experience in IT security, with a focus on GRC
- Previous people management skills highly preferred
- In-depth knowledge of internal audits, SOX auditing, NIST CSF 2.0, SOC 2, and controls design
- Strong understanding of IT security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR)
- Experience with GRC tools such as Workiva, RSA Archer, MetricStream, or similar
- Excellent analytical and problem-solving skills
- Demonstrated ability to work collaboratively in a cross-functional team environment
- Excellent communication and interpersonal skills

Your Education

- Bachelor’s or Master’s degree in Computer Science, Information Systems or other related field; or equivalent relevant experience

We are CMC, a Fortune 500 company at the leading edge of our industry. Our construction reinforcement and steel products have supported construction projects and structures around the world. The secret to our success? We’ve built our legacy by assembling a team of innovators and doers to tackle some of the most challenging construction reinforcement problems facing our world for more than 100 years — and we’re just getting started.
If you’re ready to join a team working to make our industry more sustainable, support the bridges, roadways, buildings and infrastructure that connects our communities, and do meaningful work, you’re ready to join CMC. Apply today and start moving your career — and our world — forward. Let's build a better world!
CMC is committed to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, age, physical or mental disability, national origin, citizenship, military or veteran status, sexual orientation, gender identity and/or expression, genetic information, or other status protected by federal, state or local law.