Lumentum
Senior Manager, Governance, Risk & Compliance (GRC) and Third-Party Security Risk
Lumentum, San Jose, California, United States, 95199
It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

The Senior Manager, GRC and Third-Party Security Risk will lead Lumentum’s global security governance, compliance, and third-party risk programs. This role combines deep technical expertise, program management rigor, and cross-functional leadership to ensure that Lumentum’s compliance and vendor ecosystems remain secure, resilient, and aligned with industry standards. The ideal candidate will build structured frameworks for tracking and reporting compliance projects; lead certification efforts for ISO 27001:2022 and conformance and assessment efforts against NIST CSF and NIST SP 800-171; and oversee a robust third-party security risk program covering suppliers, partners, and service providers globally.

Responsibilities

Governance, Risk, and Compliance (GRC)
- Lead and maintain Lumentum’s global information security compliance program across ISO 27001:2022, NIST CSF, and NIST SP 800-171.
- Develop and maintain structured frameworks for tracking compliance initiatives, defining project milestones, owners, dependencies, and measurable outcomes.
- Build and maintain dashboards and executive reports summarizing project progress, audit results, remediation status, and control maturity.
- Coordinate internal and external audits, certification renewals, and third-party assessments.
- Partner with enterprise risk management, audit, IT, and operations teams to integrate GRC processes into broader corporate governance.
- Ensure security controls are maintained across both on-premises and cloud/SaaS environments.

Third-Party Security Risk Management
- Design, implement, and lead a global third-party risk management (TPRM) program encompassing suppliers, service providers, and strategic partners.
- Define and maintain vendor security assessment frameworks, control baselines, and onboarding/off-boarding requirements.
- Track and report on vendor coverage, risk remediation progress, and control maturity metrics.
- Establish continuous monitoring mechanisms to identify new or emerging vendor threats.
- Collaborate with Procurement, Legal, and Supply Chain to embed security controls in vendor contracts and lifecycle processes.
- Lead response coordination for vendor-related security incidents impacting Lumentum operations or data.

Leadership and Collaboration
- Partner with IT, Supply Chain, Operations, Legal, and regional teams to align governance and risk management with business objectives.
- Guide cross-functional teams through remediation and risk reduction initiatives.
- Mentor and develop team members, fostering a culture of accountability, continuous improvement, and measurable progress.
- Present program performance and maturity metrics to executive leadership.

Required Skills
- Expertise in ISO 27001 implementation and audit lifecycle management.
- Deep understanding of NIST CSF, NIST SP 800-171, and control mapping across frameworks.
- Strong program management skills with the ability to define, track, and report a portfolio of compliance and risk initiatives.
- Experience developing dashboards and reporting mechanisms for risk, remediation, and control maturity tracking.
- Proficiency in designing and operating third-party risk programs covering assessments, control validation, and ongoing monitoring.
- Ability to translate technical security findings into clear business impact.
- Advanced written and verbal communication for executive-level reporting and board-facing deliverables.
- Familiarity with hybrid enterprise environments (on-premises, SaaS, cloud platforms).
- Experience with GRC tooling (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
- Background in global manufacturing or high-tech supply chain environments.
- Knowledge of privacy frameworks (GDPR, CCPA) and data protection practices.
- Working knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
- Familiarity with cybersecurity metrics automation and business intelligence visualization tools.

Education
- Bachelor’s degree in Information Security, Computer Science, Cybersecurity, or a related field.

Strongly Preferred
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- ISO 27001 Lead Implementer or Lead Auditor
- CRISC (Certified in Risk and Information Systems Control)
- CCSP (Certified Cloud Security Professional)
- CISA (Certified Information Systems Auditor)

Work Experience
- Minimum 10 years of experience in information security, with at least 5 years focused on governance, risk, and compliance or third-party/vendor risk management.
- Proven leadership in managing enterprise-wide compliance programs and coordinating audits or certifications.
- Demonstrated success implementing ISO 27001 and NIST frameworks across complex, distributed enterprises.
- Experience building and maintaining structured tracking and reporting frameworks for compliance and vendor risk portfolios.
- Prior experience engaging with procurement, supply chain, and legal teams to manage third-party risks.
- Track record of building executive reporting that demonstrates measurable risk reduction and maturity improvement.

Pay Range (P80-USA-1): $145,550.00 - $207,900.00

Disclaimer
Final base salary for the successful candidate will depend on multiple factors, including but not limited to, job location, where work will be performed, qualifications, work history and relevant experience. With our continual goal of making Lumentum a best place to work for our employees, we strive to offer employees competitive total compensation packages, which may include annual bonus, commission for certain sales roles, equity, and health and welfare benefits.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Telecommunications and Semiconductor Manufacturing