Â
Â
This role is not limited to policy writing or audit coordination. It is intended to make security governance real and measurable across the enterprise by building practical operating mechanisms around risk, controls, evidence, exceptions, and stakeholder accountability. In the staffing plan, this role is explicitly intended to select and operationalize the primary framework, likely starting with NIST CSF 2.0 while mapping outward to SOX ITGC, SOC2 Type2, ISO 27001, NIST AI RMF, ISO 42001 and other requirements for customers, audit, and international needs.Â
JustificationÂ
Echo is reassessing its policy foundation, including formal expectations for information security governance, access control, supplier security, and compliance review. What is needed now is a leader who can turn those policies into a durable governance operating system with clear ownership, evidence discipline, exception management, and measurable accountability.Â
Hiring RequirementsÂ
Â
What you will doÂ
Lead selection, adoption, and operationalization of Echo’s primary cybersecurity framework and related standards structure, with NIST CSF 2.0 as the likely management layerÂ
Build and maintain a control ownership model across Technology, Engineering, Platform, Network, EUC, Asset, Data, Integrations, and SecurityÂ
Translate existing policies into measurable operating practices, control expectations, evidence requirements, review cadences, and exception workflowsÂ
Partner with security architecture, engineering, and operations teams to ensure that governance expectations are practical, technically grounded, and enforceableÂ
Drive enterprise risk and control assessments, including facilitating discussions on control design, effectiveness, and remediation prioritiesÂ
Build an evidence library structure while defining repeatable collection, review, reuse, and freshness cadencesÂ
Improve security questionnaire workflows through standardized responses, evidence reuse, service-level expectations, and clearer ownershipÂ
Coordinate third-party security intake and help define tiering, minimum security requirements, documentation expectations, and escalation pathsÂ
Partner with Internal Audit and business stakeholders on readiness efforts, compliance reviews, and operational audit supportÂ
Track policy exceptions, control gaps, remediation commitments, and overdue actions through closure, including clear owners and time boundsÂ
Perform User Access Reviews compliant to SOX ITGC and SOC2/ISO27001Â
Provide security governance input on supplier security requirements, contractual obligations, and ongoing review expectationsÂ
Produce reporting for leadership on framework maturity, control ownership, policy currency, evidence readiness, exception status, and risk trendsÂ
Lead the evolution to and support of continuous compliance capabilities to improve control visibility, evidence freshness, and audit readinessÂ
Manage and evolve the organization’s trust center, including published security documentation, customer-facing assurance materials, and the processes that keep content current and supportableÂ
Â
What success looks likeÂ
In the first 60 to 90 days, this role is expected to produce a framework decision package, define the control ownership model, stand up an evidence library structure, improve questionnaire operations, and establish practical workflows for exceptions and third-party intake. Over 12 months, success means framework adoption becomes measurable, control ownership is visible, evidence is reusable, customer and audit due diligence become less reactive, and policy exceptions and control gaps are actively managed.Â
What you bringÂ
5+ years in cybersecurity GRC, security risk, audit readiness, compliance operations, or related functions, with clear experience building or maturing governance operating modelsÂ
2+ years of GRC experience in a public company.Â
Experience with SOX ITGC controls.Â
Understanding of regulatory and SEC requirements for a public company.Â
Strong experience operationalizing NIST CSF and translating controls across frameworks such as ISO 27001, SOX, SOC 2, or similar frameworksÂ
Experience building or maturing security governance programs in complex enterprise environments with multiple technical stakeholdersÂ
Experience with risk assessments, control design reviews, exception management, and remediation trackingÂ
Strong understanding of third-party risk, supplier security reviews, security questionnaires, and governance workflows that scale beyond one-off reviewsÂ
Experience partnering with technical teams to influence architecture, engineering, and operations outcomes in a practical, technically credible wayÂ
Ability to turn policy and framework language into concrete operating practices, ownership expectations, and measurable evidenceÂ
Strong writing, stakeholder management, and executive communication skillsÂ
Preferred qualificationsÂ
GRC experience with a public company for SEC and regulatory reporting requirements, i.e. 10K, 8K.Â
Experience supporting SOC 2, ISO 27001, CTPAT, SOX or similar audit/readiness effortsÂ
Experience with evidence management, control testing, internal audit coordination, or related assurance processesÂ
Experience with automated continuous compliance platforms, including evidence automation, control monitoring, and audit readiness workflowsÂ
Experience managing a trust center or similar customer assurance portal and keeping security documentation current and reusableÂ
Familiarity with enterprise technology environments spanning cloud, identity, endpoint, network, and application security domains.Â
Knowledge of AI governance frameworks, e.g, NIST AI RMF, and ISO 42001.Â
Â
Echo Global Logistics is a leading provider of technology-enabled transportation management services. As a third-party logistics provider, we simplify transportation management for our clients and carriers, handling crucial tasks so they can focus on what they do best. From coast to coast, dock to dock, and across all major transportation modes, Echo connects businesses that need to ship their products with carriers who transport goods quickly, securely, and cost-effectively.Â
Â
Why this role mattersÂ
Echo already has a policy foundation, including formal expectations for information security governance, access control, supplier security, and compliance review. What is needed now is a leader who can turn those policies into a durable governance operating system with clear ownership, evidence discipline,  exception management, and measurable accountability.Â
Â
Work environment/physical demands summary:Â
This job operates in an office environment and uses a computer, telephone and other office equipment as needed to perform duties. The noise level in the work environment is typical of that of an office with an open seating floor plan. The employee may encounter frequent interruptions throughout the work day. The employee is regularly required to sit, talk, or hear.Â
Â
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, or Vietnam era or other protected veteran. Â
#LI-SG1
#Remote
Benefits
For more information about our benefit offerings, please visit our careers page at https://www.echo.com/company/careers.
Compensation
$112,498.00-163,571.00 per yearThis role is eligible for a bonus that is based on a combination of personal and business performance.Learn more about this Employer on their Career Site
