About this role
Job Location
CINCINNATI GENERAL OFFICESJob Description
Information Technology at Procter & Gamble is where business, innovation and technology integrate to build a competitive advantage for P&G. Our mission is clear -- we deliver IT to help P&G win with the over 5 billion consumers we serve worldwide. Our IT professionals are diverse business leaders who apply IT expertise to deliver innovative, tech-focused business models and capabilities for our 65 iconic, trusted brands.
From Day 1, you’ll be trusted to dive right in, take the lead, use your initiative, and build billion-dollar brands that help make everyday activities easier and make the world a better place! Our company offers purposeful work that will take your career places you never envisioned, in creative workspaces where innovation thrives and where your technical expertise is recognized and rewarded.
The Opportunity
P&G is seeking a Governance, Risk, and Compliance Director passionate about safeguarding data, enabling business through smart risk management, and shaping the future of cybersecurity. The IT Governance, Risk, and Compliance (GRC) Organization at Procter & Gamble is responsible for risk identification, assessment, and remediation across the IT landscape, as well as driving automated governance and compliance breakthroughs. As the GRC expert, you’ll play a critical role in maturing and maintaining the security risk and compliance posture of our organization. You will lead initiatives that align our security program with business goals, ensure regulatory and policy compliance, and creatively solve problems to manage risk for the company.
Responsibilities:
- Governance:
- Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS).
- Establish and track metrics to measure policy adherence and program maturity.
- Drive internal alignment on security roles, responsibilities, and expectations.
- Risk Management:
- Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting.
- Conduct security risk assessments for internal systems, projects, vendors, and business processes.
- Facilitate risk-based decision-making at all levels of the organization.
- Compliance:
- Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX).
- Maintain a library of evidence and documentation to support audit and regulatory needs.
- Monitor the effectiveness of IT controls and identify gaps in compliance. Analyze control measurements for negative trends and reoccurrence frequency. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation
- Awareness & Enablement:
- Contribute to the continuous improvement of the risk and compliance mindset across P&G. Build IT risk awareness by providing support and training to others.
- Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams.
- Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes
Estimated Percent of Time Spent on Work
25% - Risk identification, analysis, and assessment
40% - Plan and drive enterprise-wide initiatives to reduce risk and improve compliance across the organization
25% - Assess and improve the effectiveness of IT controls and compliance across the enterprise
10% - Collaboration with internal/external auditors, driving a risk-aware compliance mindset
Job Qualifications
Required:
- Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field
- Prior hands on experience working in a security-focused role, such as Information Security Analyst, SOC Analyst, Security Engineer, etc.
- 8+ years of experience in Governance, Risk, and Compliance with a focus on Information Security
- In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
- Experience conducting risk assessments, audits, and control testing.
- Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA, SOX, PCI DSS).
- Proven ability to write policies, manage documentation, and communicate clearly to both technical and non-technical stakeholders.
- Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams.
- The ability to work independently, collaborate, and learn quickly.
- English fluency (speak, write, and read)
Preferred Skills:
- Certified in CISSP, ISACA CRISC, CGEIT, CISA, or similar
Pay Range: $160,000 - $220,000
Compensation for roles at P&G varies depending on a wide array of equal opportunity factors including but not limited to the specific office location, role, degree/credentials, relevant skills, and level of experience. At P&G compensation decisions are dependent on the facts and circumstances of each case. Total rewards at P&G include salary + bonus (if applicable) + benefits. Your recruiter may be able to share more about our total rewards offerings and the specific salary range for the relevant location(s) during the hiring process.
Our company is committed to providing equal opportunities in employment. We value diversity and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Immigration Sponsorship is not available for this role. For more information regarding who is eligible for hire at P&G along with other work authorization FAQ’s, please click HERE.
P&G participates in e-verify as required by law.
Qualified individuals will not be disadvantaged based on being unemployed.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Job Schedule
Full timeJob Number
R000136880Job Segmentation
Experienced ProfessionalsStarting Pay / Salary Range
$160,000.00 - $220,000.00 / yearOther facts
About PGBPGNGLOBAL
P&G was founded more than 185 years ago as a soap and candle company. Today, we’re one of the world’s largest consumer goods companies and home to iconic, trusted brands, including Always®, Charmin®, Braun®, Fairy®, Febreze®, Gillette®, Head & Shoulders®, Oral B®, Pantene®, Pampers®, Tide®, and Vicks®.
The design, development, growth and success of these products—and many more—is thanks to the innovative and insightful minds of our people. From Day 1, you’ll help make everyday life easier for our 5 billion consumers.
There is no single equation for success at P&G, because no two P&G people or careers are alike. Just as we strive to deliver a superior consumer experience, we aim to deliver a superior employee value equation as well. With our large global footprint, there are many opportunities to work with P&G in multiple locations. We offer opportunities in approximately 70 countries and continually aim to attract, reward and advance the finest people in the world.
Here, we want you to get your career off to a fast start. That's why we don't have any rotational development programs or gradual ramping-up periods: you’ll be able—and encouraged—to dive right in from Day 1. Join us and help make life better through meaningful work that makes an impact from Day 1.
What you'll do
- The GRC Director will maintain and evolve the information security policy framework, manage enterprise risk processes, and ensure compliance with regulations. They will also drive initiatives to align security programs with business goals and foster a risk-aware culture within the organization.
Ready to join PGBPGNGLOBAL?
Take the next step in your career journey