Cyber GRC & Data Security Product Owner

Clorox is the place that’s committed to growth for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates.

Join our team. #CloroxIsThePlace

Your role at Clorox :

We are seeking a highly skilled and motivated Cybersecurity GRC, Privacy, Data Security, and Application and Security Product Owner.

As a Product Owner overseeing Governance, Risk, and Compliance (GRC), Privacy, Data Security, and Application Security capabilities, you will be at the forefront of shaping and delivering a robust security and compliance framework.

You will be a strategic thinker who can navigate the complex landscape of regulatory requirements, privacy concerns, and evolving security threats.

Your responsibilities will span defining product roadmaps, prioritizing features, and managing your product team to define and enforce the organization’s cybersecurity standards and governance.

In this role, you will :

Governance

• Develop and maintain the security governance framework, policies, and procedures aligned with industry standards and best practices.
• Ensure that the organization adheres to established governance guidelines.

Cyber Risk Management

• Identify, assess, and prioritize security risks related to assets, systems, and data.
• Implement risk mitigation strategies and controls to minimize exposure to threats and vulnerabilities.
• Conduct regular security risk assessments and provide recommendations for remediation actions.
• Evaluate and manage security risks associated with third-party vendors and service providers.

Compliance

• Establish and maintain an effective compliance framework aligned with applicable laws, regulations, and global industry standards.
• Ensure compliance with regulatory mandates and reporting requirements.
• Coordinate internal and external audits, addressing findings and implementing corrective actions.
• Enforce standards of multiple security frameworks, including SOX, PCI, and Global Privacy regulations (e.g., CCPA, GDPR)

Training and Awareness

• Lead educational initiatives to promote a culture of risk awareness and compliance among employees and third parties.
• Address the unique threats and risks specific to the organization’s business and technological environment.

Stakeholder Engagement

• Collaborate with executive leadership and internal stakeholders to align security initiatives with business objectives.
• Engage with external stakeholders, including regulators, partners, and vendors, on GRC matters.

Leadership and Management

• Develop and empower the GRC team.
• Act as the primary point of contact for BUs and functions to ensure cybersecurity risks are identified, assessed, and managed effectively
• Develop and maintain cybersecurity architecture and roadmap according to the defined GRC / Privacy organizational standards across the organization
• Advocate for and implement secure coding practices within the development lifecycle, fostering a culture of security awareness
• Keep abreast of the latest cybersecurity trends, threat landscape, and technologies and recommend appropriate strategies and solutions to address them
• Foster a culture of continuous improvement and innovation within the product team, seeking opportunities for enhancement and optimization
• Define overall product roadmap and work with the teams to develop and execute against a backlog to achieve the group priorities

What we look for :

• Proven experience of at least 10 years as a product owner or a similar in the realm of Cybersecurity GRC and Privacy
• Relevant and current industry certification(s) such as (CISA, CISM, CRISC) is preferred
• Experience working with and implementing IT GRC tools (e.g., ServiceNow IRM, OneTrust, etc.) and processes and building and developing successful risk management programs.
• Knowledge of and experience working with common security and privacy frameworks and regulations, such as ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, and GDPR
• Advanced understanding of information security concepts including cloud security and compliance, access controls, disaster recovery, etc.
• Extensive experience in coordinating cross-functional teams and stakeholders with a global mindset to achieve operational goals and deliver successful technology initiatives
• Advanced understanding of information security concepts including cloud security and compliance, access controls, disaster recovery, etc.
• Extensive experience in coordinating cross-functional teams and stakeholders with a global mindset to achieve operational goals and deliver successful technology initiatives
• Risk and threat assessment and analysis
• Vendor risk assessment
• Security audits
• Privacy laws, application and data security concepts
• Product roadmap development
• Requirement and user story documentation
• Business process analysis
• Agile planning and delivery
• Product lifecycle management

LI-HYBRID

Workplace type :

Hybrid- 3 Days in Office, 2 Days WFH

We seek out and celebrate diverse backgrounds and experiences. We’re looking for fresh perspectives, a desire to bring your best, and a non-stop drive to keep growing and learning.

At Clorox, we have a Culture of Inclusion. We believe our values-based culture connects to our purpose and helps our people be the best versions of themselves, professionally and personally.

This means building a workplace where every person can feel respected, valued, and fully able to participate in our Clorox community.

Learn more about our I&D program & initiatives here .

U.S. Additional Information :

At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates’ unique needs.

This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility / adoption benefits, and more.

We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges.

We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance.

Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location.

The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.

Zone A : $144,200 - $289,900

Zone B : $132,200 - $265,700

Zone C : $120,200 - $241,600

All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process.

This job is also eligible for participation in Clorox’s incentive plans, subject to the terms of the applicable plan documents and policies.

Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.

To all recruitment agencies : Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team.

Clorox is not responsible for any fees related to unsolicited resumes.