IT Specialist - Cybersecurity Governance
Job description
The primary focus of this role is to lead the innovation, modernization, development, and lifecycle management of enterprise IT and security policies, ensuring alignment with multiple regulatory and industry frameworks, as defined by the Office of the CISO. The role requires an experienced IT Governance, Risk, and Compliance (GRC) subject matter expert, a passionate change leader able to collaborate across business and technical teams, to establish policies that are realistic, enforceable, and audit-ready.

This position will have responsibilities and accountabilities that will impact Eaton's cybersecurity for both internal/IT operations as well as customer-facing offerings and will report to the Director of Cybersecurity Governance within the Office of the CISO. Key responsibilities, qualifications and experience are as follows.

Key responsibilities
- Policy Development & Lifecycle Management
  - Overhaul and rewrite the company's IT security and compliance policies to address gaps, inconsistencies, and outdated content.
  - Define and implement a policy lifecycle management process, including drafting, review, approval, communication, periodic review, and retirement.
  - Integrate and align policies and standards with established or identified frameworks, ensuring traceability to applicable compliance requirements (e.g., SOC 2, SOX, PCI DSS, CMMC, NERC CIP, HIPAA, ISO/IEC 27001, NIST CSF, etc.).
- Collaboration & Stakeholder Engagement
  - Partner with senior leaders, enterprise architects, control owners, and audit teams to develop policy language that is achievable, measurable, and aligned with business realities.
  - Collaborate with architects, process owners, and subject matter experts to implement standards that meet policy requirements.
  - Facilitate workshops, requirements elicitation sessions, and cross-functional reviews to build consensus and drive adoption.
  - Act as a trusted advisor on emerging regulatory requirements, controls, and best practices.
  - Partner with Risk, Compliance, Organizational Change Management, and Communications teams to foster cohesive governance policies and successful implementations of new or changed policy.
- Audit & Compliance Alignment
  - Ensure policies are mapped to control frameworks and audit criteria, enabling demonstrable compliance during internal and external audits.
  - Support evidence preparation and auditor discussions by ensuring policies are clear, consistently applied, and well-documented.
- Thought Leadership & Best Practices
  - Independently research new topics and requirements and introduce them to the business in a manner that is relevant and understandable to varying stakeholders.
  - Monitor regulatory, legal, and industry trends to ensure policies remain current.
  - Champion best practices in Governance, Risk, and Compliance, including harmonizing policies with risk management and business continuity programs.
  - Mentor and coach colleagues on effective policy writing and governance approaches.
  - Lead continuous improvement and look for ways to leverage new capabilities such as AI and automation.
  - Identify new or innovative ways to ensure awareness and acknowledgment of policies and standards.
Requirements
- Bachelor's degree from an accredited
- Minimum of ten (10) years of progressive experience in information security, IT risk, compliance, or governance, with at least five (5) years in a senior-level or lead role.
- Demonstrated success in developing, implementing, and maintaining IT/security policies and standards in a regulated enterprise environment.
- Experience managing compliance with multiple frameworks (SOC 2, SOX, PCI DSS, CMMC, NERC, HIPAA, ISO 27001, NIST CSF, FedRAMP, etc.).
- Experience as an external auditor with an auditing or consulting firm.
- Must be authorized to work in the United States without company sponsorship now or in the future.
Preferred Qualifications:
- Master's Degree
- Security & Compliance Frameworks
  - Examples: SOC 2, SOX, PCI DSS, HIPAA, NERC CIP, CMMC, FedRAMP, ISO/IEC 27001, NIST CSF, and NIST SP 800-53.
- Policy Development
  - Knowledge of effective policy architecture, version control, lifecycle management, and traceability to compliance requirements.
- Risk & Control Mapping
  - Ability to align policies with control objectives across multiple frameworks, harmonizing overlapping requirements.
- Audit Readiness
  - Familiarity with internal and external audit processes, evidence mapping, and remediation tracking.
- IT Security Domains
  - Core understanding of access control, encryption, network security, incident response, vulnerability management, disaster recovery, and cloud security governance.
- Regulatory Awareness
  - Up-to-date knowledge of evolving regulations impacting global enterprises (e.g., GDPR, U.S. state privacy laws, DORA, AI Act).
- Tooling & Automation (preferred)
  - Experience with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust), audit management tools, and collaboration systems (e.g., Confluence, SharePoint, Teams).
Skills & Competencies
- Exceptional written communication skills, capable of translating technical concepts into policy language accessible to diverse stakeholders.
- Proven ability to lead through change, drive consensus, and gain buy-in across business and technical leadership.
- Strong facilitation and requirements elicitation skills.
- Familiarity with audit processes and ability to prepare organizations for successful external reviews.
- Strategic thinker with the ability to balance compliance obligations with business practicality.
Soft skills
Beyond technical expertise, this role demands a highly skilled communicator and change leader who can engage executives, technical teams, and auditors alike. The candidate must be able to translate complex requirements into accessible guidance, drive consensus in diverse stakeholder groups, and foster a culture of accountability and compliance across the organization.
- Strategic Communication - Exceptional written and verbal communication skills; ability to create policy documents that are clear, concise, and persuasive.
- Influence and Consensus-Building - Proven ability to engage with executives, process owners, and technical staff to gain buy-in and alignment.
- Leadership Through Change - Comfortable leading policy overhauls and compliance initiatives in environments with competing priorities and organizational resistance.
- Facilitation and Negotiation - Skilled at running workshops, eliciting requirements, and resolving conflicts constructively.
- Executive Presence - Ability to brief and advise senior leadership, boards, and audit committees with confidence and credibility.
- Analytical and Critical Thinking - Strong ability to assess risks, interpret complex regulations, and recommend pragmatic solutions.
- Collaboration and Teamwork - Adept at working cross-functionally with IT, legal, HR, and operations teams in a global enterprise context.
- Cultural Awareness - Sensitivity to diverse teams and regulatory environments across global regions.