Date:  Mar 4, 2023
Job Req ID:  12394
Category:  Information Technology
Country/Region:  US
State:  IL
City:  Naperville
Workplace:  Hybrid

Title:  Director Security Governance, Risk and Compliance


As a Governance, Risk Management, and Compliance (GRC) Director, you will be responsible for the overall enterprise-wide GRC programs. In this role, you will be responsible for the hands-on design, implementation, and effective management of the programs and for shaping the security policies, standards, and procedures aligned with the overall cybersecurity strategy and programs. You will provide subject matter expertise and leadership on mature security governance structures and processes, the Risk Management process, and contractual and regulatory compliance requirements.


This role requires a combination of a strong GRC background and business acumen to manage relationships between the various business units and IT groups.




  • Governance:  You will be responsible for designing and leading a comprehensive governance program, including the establishment of security policies, standards, and procedures, taking a risk-based approach to the program design. You will be using the NIST 800-53, 800-171, and ISO 27001 requirements as a guide in the program design. You will work cooperatively with others and solicit input from the various areas of the organization. You will be implementing and managing the governance processes, educating and training the organization on the new governance programs, and measuring and reporting on all aspects of the programs.


  • Risk Management:  You will be accountable for designing a comprehensive cybersecurity Risk Management program to identify, quantify, classify, and manage risks for the organization, working cooperatively with others, soliciting input from the various areas of the organization, and continually educating and training the organization on the new risk management function and how they can participate and contribute to it. You will drive the identification of security risks and maintain a risk register, including planned mitigations and acceptances. The risk management program will include a vendor risk management function, including working closely with the procurement team and others to evaluate and report on vendors' risk, and measuring and reporting on all identified risks and the overall security risk management functions. You will also be aligning security risk management with the existing business risk management practices.


  • Compliance:  You will be designing a comprehensive compliance program, including the establishment of security policies, standards, and procedures, taking a risk-based approach to ensure the new program design satisfies the IT business functions as well as the commercial lines of business. You will be using data and privacy requirements like GDPR and CCPA as a guide in the program design. You will continually evaluate and report on the controls' design, implementation, effectiveness, and maturity levels, working cooperatively with others and soliciting input from the various areas of the organization. You will guide, educate, and advocate to the organization on the compliance requirements and how each person and department plays a role in maintaining the required compliance, and measure and report on all aspects of the compliance program.


  • Leadership:  You will be serving as the primary subject matter expert and leader on all aspects of compliance, governance, and risk management, providing regular reports to the Chief Information Security Officer (CISO) and, when needed, to other internal or external entities on all aspects of this role's responsibilities, including adequate metrics on each of the programs. You will be serving as the primary security liaison for internal and external audits and, as needed, will represent IT and Security and respond to inquiries from external entities on all matters related to security compliance. You will be making independent decisions or representing leadership at times. You will own the third-party risk evaluation process and any required audits to demonstrate our risk posture and control adherence, manage GRC technology and staffing needs, and manage the assigned budget in line with approved allocations. You will mentor and manage others to increase team competency and continually build a culture of constant improvement and a desire to excel.





  • Experience in building and managing compliance and risk management programs, including hands-on control design and effectiveness evaluation.
  • Strong knowledge and experience in security requirements, standards, and best practices, including NIST CSF, ISO 27001, OWASP.
  • Background in developing and maintaining security policies, processes, procedures, and standards.
  • Knowledge of and prior experience in GRC tools/technologies.
  • Excellent written and verbal communication skills.
  • Ability to manage across multiple competing priorities and time-sensitive initiatives.
  • Strong ability to motivate and lead team members, including in a remote/distributed workforce.
  • Uncompromising personal and professional integrity and ethics.



After you apply, your application will be reviewed by a real recruiter, not a bot. This means it could take us a little while to get back to you, so watch your inbox for updates. In the meantime, visit our How We Hire page to get insights into our hiring process and how to best prepare for a Kellogg interview.


If we can help you with a reasonable accommodation throughout the application or hiring process, please

This role takes part in Locate for Your Day, Kellogg’s hybrid way of working that empowers office-based employees to, in partnership with their managers, find a balance between working from home and the office.




Kellogg Company is a multibillion-dollar company with over 30 thousand employees all over the globe. We are proud to make delicious foods that people love – foods that you grew up with like Frosted Flakes, Cheez It, Eggo, Pop-Tarts, Crunchy Nut, Pringles, as well as innovative foods such as MorningStar Farms, RX bar, and Noodles. Our KValues and BetterDays commitments are at the core of who we are, what we believe and what brings us together. We’re proud to say we’ve been awarded with Fortune’s “World’s Most Admired Companies”, DiversityInc’s “Top 50 Companies for Diversity”, Newsweek’s “Most Loved Workplaces”, and many more awards that you can check out here.


Equity, Diversity, and Inclusion has been part of our DNA since the beginning. Clearly stated in our Code of Ethics “we have respect for individuals of all backgrounds, capability and opinions.” We believe that equity is more than leveling the playing field. It is making sure barriers, both tangible and intangible, are removed. Interested in the numbers? We hold ourselves accountable with our yearly Features report.


Kellogg is proud to offer industry competitive Total Health benefits (Physical, Financial, Emotional, and Social) that vary depending on region and type of role. Be sure to ask your recruiter for more information!



The ability to work a full shift, come to work on time, work overtime as needed and the ability to work according to the necessary schedule to meet job requirements with or without reasonable accommodation is an essential function of this position. #LI-Hybrid

Kellogg Company is an Equal Opportunity Employer that strives to provide an inclusive work environment, a seat for everyone at the table, and embraces the diverse talent of its people. All qualified applicants will receive consideration for employment without regard to race, color, ethnicity, disability, religion, national origin, gender, gender identity, gender expression, marital status, sexual orientation, age, protected veteran status, or any other characteristic protected by law. For more information regarding our efforts to advance Equity, Diversity & Inclusion, please visit our website here.

Where required by state law and/or city ordinance, this employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. For additional information, please follow this link.

Let’s create the future of food,

Kellogg Recruitment

Kellogg is taking bold next steps on its portfolio transformation journey by separating its North American cereal business by the end of 2023, resulting in two independent public companies, each better positioned to unlock their full standalone potential. Learn more at

Nearest Major Market: Naperville
Nearest Secondary Market: Chicago
