Director, Governance, Risk, and Compliance

MACOM


Date: 11 hours ago
City: Lowell, MA
Contract type: Full time
Company Overview:

MACOM designs and manufactures semiconductor products for Data Center, Telecommunication, and Industrial and Defense applications. Headquartered in Lowell, Massachusetts, MACOM has design centers and sales offices throughout North America, Europe, and Asia. MACOM is certified to the ISO9001 international quality standard and ISO14001 environmental management standard.

MACOM has more than 65 years of application expertise with multiple design centers, Si, GaAs, and InP fabrication, manufacturing, assembly and test, and operational facilities throughout North America, Europe, and Asia. View our facilities at https://www.macom.com/. In addition, MACOM offers foundry services that represent a key core competency within our business.

MACOM sells and distributes products globally via a sales channel comprised of a direct field sales force, authorized sales representatives, and leading industry distributors. Our sales team is trained across all of our products to give our customers insights into our entire portfolio.

Title: Director, Governance, Risk, and Compliance

Position Overview:

The Director of GRC will lead MACOM’s governance, risk management, and compliance strategy, with a specific focus on regulatory frameworks such as CMMC 2.0, NIST 800-171, SOX, ITAR, DFARS, and GDPR. This role will report directly to the CISO. This role will drive enterprise-wide alignment of security policies, risk assessments, and third-party risk programs, while ensuring MACOM’s security and compliance program scales with the business.

Key Responsibilities

Governance & Compliance

  • Own and maintain MACOM’s security policy framework, standards, and procedures.
  • Lead cross-functional efforts to meet CMMC Level 2 certification and maintain ongoing compliance.
  • Oversee SOX ITGC controls and coordinate with internal/external auditors.
  • Ensure compliance with U.S. export control regulations (ITAR, EAR) and defense contract clauses (DFARS).
  • Manage enterprise-level security awareness training and compliance reporting.
  • Oversee MACOM’s data privacy governance program, including alignment with applicable U.S. and international privacy laws (e.g., GDPR, CCPA).
  • Develop and maintain privacy impact assessments (PIAs) and data handling procedures in coordination with legal, HR, and business units to ensure appropriate protection of personal and sensitive information.

Risk Management

  • Lead MACOM’s risk management process including risk assessments, risk treatment plans, and risk registers.
  • Collaborate with IT, supply chain, legal, and business units to track remediation of identified risks.
  • Provide executive-level reporting on risk posture, key indicators, and trends.

Third-Party Risk

  • Stand up and lead the third-party risk management (TPRM) program, including due diligence, onboarding assessments, and continuous monitoring.
  • Maintain and evolve vendor risk scoring methodologies.
  • Partner with procurement and legal teams on data protection and security contract language.

Audit & Assurance

  • Coordinate internal and external audits and regulatory assessments (CMMC, SOX, etc.).
  • Develop and oversee SSPs and POA&Ms and manage evidence collection processes.
  • Serve as a liaison with assessors, regulators, and customers during audits and security reviews.

Qualifications

Required

  • Bachelor’s degree in Information Security, Risk Management, Business, or related field.
  • 8+ years of experience in information security, IT risk, compliance, or audit.
  • Demonstrated leadership in standing up or maturing a GRC program.
  • Deep knowledge of CMMC 2.0, NIST 800-171, SOX, and third-party risk practices.
  • Experience with regulatory compliance in the defense industrial base (DIB).
  • Due to ITAR regulations, only candidates who are U.S. Persons (U.S. citizens, U.S. nationals, lawful permanent residents, or individuals granted asylum or refugee status) will be considered for this position.

Preferred

  • Security or compliance certifications (e.g., CISM, CRISC, CISSP, CGEIT, or CISA).
  • Experience working in a semiconductor, defense, or highly regulated technology environment.
  • Familiarity with GRC platforms (e.g., ServiceNow GRC).
  • Excellent communication and stakeholder management skills.

EEO:

MACOM is an Equal Opportunity Employer committed to a diverse workforce. MACOM will not discriminate against any worker or job applicant on the basis of race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, genetic information, veteran status, military service, marital status, or any other category protected under applicable law.

Reasonable Accommodation:

MACOM is committed to working with and providing reasonable accommodations to qualified individuals with physical and mental disabilities. If you have a disability and are in need of a reasonable accommodation with respect to any part of the application process, please call +1-978-656-2500 or email [email protected]. Provide your name, phone number and the position title and location in which you are interested, and nature of accommodation needed, and we will get back to you. We also work with current employees who request or need reasonable accommodation in order to perform the essential functions of their jobs.
