GRC Analyst
3 days ago
TTM Technologies, Inc. – Publicly Traded US Company, NASDAQ (TTMI) – Top-5 Global Printed Circuit Board Manufacturer
About TTM
TTM Technologies, Inc. is a leading global manufacturer of technology solutions including engineered systems, radio frequency ("RF") components and RF microwave/microelectronic assemblies, and quick-turn and technologically advanced printed circuit boards ("PCBs"). TTM stands for time-to-market, representing how TTM's time-critical, one-stop manufacturing services enable customers to shorten the time required to develop new products and bring them to market.
Additional information can be found at
Summary
The primary responsibilities of this job profile include: Developing, evaluating and implementing governance, risk and compliance processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information. Researching and interpreting current and pending laws and regulations, industry standards and customer and vendor contracts to understand and communicate compliance requirements. Consulting with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance. Overseeing information security risk assessments and compliance audits; directing the development and operational effectiveness of IT security controls. Monitoring investigations and documentation of cybersecurity compliance issues and incidents. Reviewing information security risk findings and non-compliance with business leaders and proposing solutions to mitigate risks.
We are seeking a highly motivated, experienced, and detail-oriented Governance, Risk, and Compliance (GRC) Analyst to join our growing IT Security team. The GRC Analyst will play a critical role in supporting the organization's IT risk management, compliance, and governance frameworks. This position involves hands-on tasks, including conducting risk assessments, evaluating IT controls, managing compliance activities, and assisting in the development of supply chain cybersecurity programs. The GRC Analyst will ensure that IT processes and controls align with regulatory requirements and cybersecurity best practices.
The ideal candidate will collaborate closely with technical teams to operationalize compliance requirements, maintain detailed records of compliance activities, and provide ongoing support for audits and regulatory reporting. As a critical member of our team, this individual will collaborate with cross-functional teams to assess risk, implement controls, and maintain compliance while driving continuous improvement of our security posture.
This role is for someone who thrives in a tactical and collaborative environment, is committed to advancing IT compliance initiatives, and is eager to contribute to organizational resilience in an ever-evolving cybersecurity landscape.
Key Responsibilities
- Compliance Management (CMMC, NIST, ISO, SOX, SOC, etc.)
  - Execute day-to-day tasks required for CMMC certification and sustainment, including control mapping, evidence collection, and documentation updates.
  - Coordinate and implement specific cybersecurity controls aligned with CMMC and NIST requirements.
  - Exhibit a strong understanding of NIST and related cybersecurity frameworks with knowledge of cybersecurity principles.
  - Track and report progress on compliance action plans and ensure deadlines are met.
  - Lead and manage the organization's efforts to achieve and maintain compliance.
  - Conduct gap analyses and develop a roadmap to address compliance requirements.
  - Liaise with third-party assessors for certification audits.
  - Manage the process of obtaining and maintaining ISO 27001 certification, ensuring all organizational processes align with ISO standards.
  - Oversee the execution of SOX user access reviews, ensuring that access controls are in place and effective in protecting financial data.
  - Lead initiatives to achieve and maintain SOC 2 Type 2 compliance, focusing on security, availability, processing integrity, confidentiality, and privacy.
- Risk Assessments and Control Monitoring
  - Conduct risk assessments and oversee remediation efforts based on NIST controls.
  - Regularly update policies and procedures to reflect changes in cybersecurity standards.
  - Evaluate the effectiveness of existing controls, document findings, and recommend detailed remediation actions.
  - Maintain risk registers and monitor mitigation plans to ensure completion.
- Audit Preparation and Support
  - Prepare and organize required artifacts for internal and external audits.
  - Conduct mock audits to identify gaps in compliance readiness.
  - Act as the point person during audit activities to facilitate document reviews and follow-up actions.
- Risk and Compliance Management
  - Develop, implement, and manage enterprise-level GRC strategies and frameworks, including policy creation (system security plans) and issue remediation and tracking (plan of action & milestones).
  - Perform risk assessments, audits, and security control testing to identify gaps and recommend solutions.
  - Monitor regulatory changes and ensure the organization's practices remain compliant.
- Documentation and Training
  - Create and maintain documentation of security policies, procedures, and control implementations.
  - Conduct training and awareness programs for internal stakeholders regarding compliance requirements and practices.
- Collaboration and Communication
  - Act as the primary point of contact for compliance-related inquiries.
  - Collaborate with IT, legal, and other departments to align GRC practices with business objectives.
Qualifications
Education, Experience, and Skills
- Bachelor's degree in cybersecurity, information technology, business administration, or a related field (or equivalent experience).
- 3+ years of experience in IT governance, risk management, and compliance.
- Familiarity with relevant standards and frameworks, such as NIST, CMMC, ISO 27001, COBIT, DFARS.
- Strong analytical and problem-solving skills, with attention to detail.
- Excellent communication and project management skills.
- Relevant certifications preferred, such as:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - Certified CMMC Professional (CCP) or CMMC Assessor
Additional Job Description
• An experienced professional with a full understanding of area of responsibility; resolves a wide range of issues in creative ways.
• This job is the fully qualified, career-oriented position.
• Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors.
• Demonstrates good judgment in selecting methods and techniques for obtaining solutions.
• Networks with senior internal and external personnel in own area of expertise.
• Normally receives little instruction on day-to-day work, general instructions on new assignments.
• Typically expects 5+ years of related experience with a Bachelor's degree; or 3+ years and a Master's degree; or a PhD without experience; or equivalent work experience.
Compensation and Benefits:
TTM offers a variety of health and well-being benefit programs. Benefit options include medical, dental, vision, 401K, Flexible Spending Account, Health Savings Account, accident benefits, life insurance, disability benefits, paid vacation & holidays. Benefits are available 1st of the month following date of hire.
Compensation for roles at TTM Technologies varies depending on a wide array of factors including but not limited to the specific office location, role, skill set and level of experience. As required by local law, TTM provides a reasonable range of compensation for roles that may be hired in New York, California and Colorado. For California-based roles, compensation ranges are based upon specific physical locations.
Export Statement:
Must comply with TTM Export Control Policies and Procedures and all applicable laws including ITAR, EAR and OFAC including but not limited to: a) being able to identify ITAR product on the manufacturing floor and understand that access to these products and related technical data is restricted to only US Citizens and US Permanent Residents; b) recognition of Foreign Person visitors by badge differentiation; c) understand and follow authorization procedures for bringing foreign visitors into facilities (VAL); d) understand the Export and ITAR requirements for shipments leaving the US; e) manage vendor approvals for ITAR manufacturing and services.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.