Job Description
Role Overview
We are seeking an Information Security GRC Lead to support compliance with customer security requirements, with a primary focus on TISAX. This role requires a strong understanding of security frameworks and the ability to translate technical and regulatory requirements into clear, actionable guidance for engineers, senior stakeholders, and executive leadership.
The Information Security GRC Lead will be responsible for implementing and operationalizing assurance capabilities across the organization, enabling customer trust, regulatory compliance, and enterprise-wide risk visibility.
Key Responsibilities
TISAX & Assurance
· Lead the implementation of TISAX control requirements, including documentation and evidence management.
· Prepare Lithia & Driveway for TISAX assessments and audit engagements.
· Coordinate cross-functional remediation efforts across IT, Engineering, Legal, HR, Procurement, and Compliance.
· Maintain ongoing assurance and maturity tracking following assessments.
· Track remediation actions, risk acceptance, and escalations through established governance forums.
Data Governance & Risk Management
· Lead the development of data governance controls, standards, and assurance processes.
· Align security and privacy controls with regulatory requirements and customer expectations.
· Partner with Legal, Privacy, and Technology teams to manage data-related risks.
· Support the integration of KPIs, KRIs, and risk metrics into GRC dashboards.
· Contribute to the progression toward a scalable, mature global GRC model.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• 3 years of experience in Information Security GRC, risk management, or assurance.
• Experience working with security frameworks such as ISO, NIST, TISAX, or similar.
• Proven ability to present complex security and risk topics to senior leadership.
• Strong documentation, reporting, and stakeholder communication skills.
Nice to Have Skills & Experience
• Direct experience with TISAX or automotive security frameworks.
• Background in data governance, privacy, or regulatory compliance.
• Familiarity with GRC tooling (e.g., OneTrust or similar platforms).
• Audit or assurance background.
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.