It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
The Senior Manager, GRC and Third-Party Security Risk will lead Lumentum’s global security governance, compliance, and third-party risk programs. This role combines deep technical expertise, program management rigor, and cross-functional leadership to ensure that Lumentum’s compliance and vendor ecosystems remain secure, resilient, and aligned with industry standards.
The ideal candidate will build structured frameworks for tracking and reporting compliance projects, lead certification efforts for key standards such as ISO 27001:2022, NIST CSF, and NIST SP 800-171, and oversee a robust third-party security risk program covering suppliers, partners, and service providers globally.
Lead and maintain Lumentum’s global information security compliance program across ISO 27001:2022, NIST CSF, and NIST SP 800-171.
Develop and maintain structured frameworks for tracking compliance initiatives—defining project milestones, owners, dependencies, and measurable outcomes.
Build and maintain dashboards and executive reports summarizing project progress, audit results, remediation status, and control maturity.
Coordinate internal and external audits, certification renewals, and third-party assessments.
Partner with enterprise risk management, audit, IT, and operations teams to integrate GRC processes into broader corporate governance.
Ensure security controls are maintained across both on-prem and cloud/SaaS environments.
Design, implement, and lead a global third-party risk management (TPRM) program encompassing suppliers, service providers, and strategic partners.
Define and maintain vendor security assessment frameworks, control baselines, and onboarding/off-boarding requirements.
Track and report on vendor coverage, risk remediation progress, and control maturity metrics.
Establish continuous monitoring mechanisms to identify new or emerging vendor threats.
Collaborate with Procurement, Legal, and Supply Chain to embed security controls in vendor contracts and lifecycle processes.
Lead response coordination for vendor-related security incidents impacting Lumentum operations or data.
Partner with IT, Supply Chain, Operations, Legal, and regional teams to align governance and risk management with business objectives.
Guide cross-functional teams through remediation and risk reduction initiatives.
Mentor and develop team members, fostering a culture of accountability, continuous improvement, and measurable progress.
Present program performance and maturity metrics to executive leadership.
Required Skills
Expertise in ISO 27001 implementation and audit lifecycle management.
Deep understanding of NIST CSF, NIST SP 800-171, and control mapping across frameworks.
Strong program management skills with ability to define, track, and report a portfolio of compliance and risk initiatives.
Experience developing dashboards and reporting mechanisms for risk, remediation, and control maturity tracking.
Proficiency in designing and operating third-party risk programs covering assessments, control validation, and ongoing monitoring.
Capability to translate technical security findings into clear business impact.
Advanced written and verbal communication for executive-level reporting and board-facing deliverables.
Familiarity with hybrid enterprise environments (on-premises, SaaS, cloud platforms).
Desirable Skills
Experience with GRC tooling (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
Background in global manufacturing or high-tech supply chain environments.
Knowledge of privacy frameworks (GDPR, CCPA) and data protection practices.
Working knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
Familiarity with cybersecurity metrics automation and business intelligence visualization tools.
Education
Bachelor’s degree in Information Security, Computer Science, Cybersecurity, or a related field.
Master’s degree preferred.
Relevant Certifications
Strongly preferred:
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
ISO 27001 Lead Implementer or Auditor
Desirable:
CRISC (Certified in Risk and Information Systems Control)
CCSP (Certified Cloud Security Professional)
CISA (Certified Information Systems Auditor)
Minimum 10 years of experience in information security, with at least 5 years focused on governance, risk, and compliance or third-party/vendor risk management.
Proven leadership in managing enterprise-wide compliance programs and coordinating audits or certifications.
Demonstrated success implementing ISO 27001 and NIST frameworks across complex, distributed enterprises.
Experience building and maintaining structured tracking and reporting frameworks for compliance and vendor risk portfolios.
Prior experience engaging with procurement, supply chain, and legal teams to manage third-party risks.
Track record of building executive reporting that demonstrates measurable risk reduction and maturity improvement.
Competencies
Strategic thinking and the ability to align cybersecurity governance with business objectives.
Analytical rigor with high attention to detail and accuracy.
Excellent organizational skills with ability to manage multiple concurrent projects.
Collaborative leadership with cross-functional influence.
Clear communication—able to distill complex data into actionable insights.
Accountability and ownership of deliverables in a fast-paced, global environment.
Continuous learning mindset and adaptability to emerging security frameworks and technologies.
Pay Range:
P80-USA-1 :$145,550.00 - $207,900.00Disclaimer:
Final base salary for the successful candidate will depend on multiple factors, including but not limited to, job location, where work will be performed, qualifications, work history and relevant experience. With our continual goal of making Lumentum a best place to work for our employees, we strive to offer employees competitive total compensation packages, which may include annual bonus, commission for certain sales roles, equity, and health and welfare benefits.