
IT/OT GRC Program Manager

FuelCell Energy
401(k)
United States, Connecticut, Danbury
3 Great Pasture Road (Show on map)
Feb 13, 2026

Location: Danbury, CT, US, 06810

Date: Feb 11, 2026

FuelCell Energy is a global leader in decarbonizing power and producing hydrogen through our proprietary fuel cell technology. Our mission is to enable a world powered by clean energy. As an innovator and manufacturer of fuel cell clean power platforms, FuelCell Energy has the only technology in the world capable of capturing carbon from an external source and producing power at the same time. In addition, we offer the only technology in the world capable of producing hydrogen, power and water simultaneously.

The pay for this position ranges from $135000 - $152000.

Overview

We are seeking a strategic and hands-on IT/OT Governance, Risk, and Compliance (GRC) Manager to define, enforce, and validate security standards across our IT, OT, and Product environments in a highly regulated industry. Reporting to the Senior Director of Cybersecurity, you will bridge the gap between regulatory policy and engineering reality, translating frameworks like CIP, NIST CSF, and IEC 62443 into executable controls that align with secure-by-design principles. You will move beyond theoretical compliance to active assurance: conducting mock audits, managing third-party risk, and rigorously validating policies and controls in order to maintain a continuous state of security compliance.

Responsibilities:

  • Product Security Governance (Build + Operate): Partner with product and engineering teams to embed "secure-by-design" requirements into the product lifecycle, so our delivered systems are positioned to comply with governing regulatory requirements.
  • Strategic Framework Leadership (IT + OT): Lead the execution of the CIP, NIST (IT), IEC 62443 (OT) programs by establishing clear ownership and accountability for compliance targets. Actively assess organizational capabilities and recommend necessary staffing, training, or resource adjustments for program success to leadership.
  • Develop & Validate Security Baselines: Formulate and govern the technical security standards for the enterprise. Responsible for the full lifecycle of compliance, from defining control requirements to assuring alignment via onsite inspection and independent verification.
  • Drive Corrective Action Management: Own the centralized tracking of all audit findings, risk acceptances, and remediation plans (CAPA). Enforce strict timelines for remediation with system owners and escalate issues to leadership.
  • Operationalize Compliance: Bridge the gap between policy and practice by translating regulatory requirements into executable operational procedures, working directly with engineers to configure, implement, and validate controls.
  • Assure Audit Defense & Readiness: Serve as the primary lead for all internal and external audits. Maintain a continuous state of audit readiness by personally curating evidence repositories and validating artifact quality.
  • Execute Internal Assurance Testing: Conduct hands-on "mock audits" and control self-assessments across all sites. Proactively identify and close non-compliance gaps to mitigate the material risk of a cyber event.
  • Manage Third-Party Risk (TPRM): Execute the technical vetting of IT/OT suppliers. Directly review vendor security posture and enforce remediation of identified risks or formal risk acceptance prior to contract execution.
  • Risk Visibility & Reporting: Translate technical compliance data into business-risk reporting. Provide the Director and CIO with accurate, validated metrics on risk burn-down and compliance posture backed by data.
  • Administer GRC Software & Automation: Manage the configuration and maintenance of GRC platforms, services, and workflows to automate evidence collection, minimizing manual reporting overhead for technical teams.
  • Manage Security Awareness & Training: Develop and deliver role-based security training content (e.g., lockout/tagout digital safety, password hygiene) to ensure engineering and operations teams understand their specific compliance obligations.
  • Proactive Enterprise Risk Management: Lead ongoing risk identification, assessment, and prioritization across IT and OT environments, including threat modeling, maintenance of a centralized risk register, and integration of threat intelligence; conduct periodic comprehensive risk assessments to inform mitigation strategies and resource allocation.
  • OT Asset Management & Architecture Governance: Oversee or partner with engineering teams to maintain an accurate OT asset inventory, define network zones and conduits per IEC 62443 requirements, and govern segmentation/architecture decisions to ensure foundational security controls are in place for effective risk management and compliance.
  • Incident Response Integration & Lessons Learned: Collaborate with Security Operations and Incident Response teams to incorporate incident findings, root cause analyses, and lessons learned into the GRC program; ensure compliance-related reporting obligations are met and drive control enhancements or policy updates based on incident trends.
Qualifications:

Education: Bachelor's degree in IT, Cybersecurity, Engineering, or related field (or equivalent experience).

Certifications:

  • ISACA CISA / CISM / CRISC
  • ISC2 CGRC (or equivalent GRC credential)
  • IEC/ISA 62443-focused training/certificates

Additional qualifications:

  • Experience building policies/standards, control frameworks, and audit evidence packages.
  • Experience working cross-functionally with IT, OT/Engineering, Operations, Legal/Compliance, and vendors.

Experience:

  • 7+ years in governance, risk, compliance, audit, and IT/OT controls in highly regulated environments.

Candidate must have demonstrable knowledge/experience in:

  • IT/OT governance program design and execution (standards, procedures, controls, RACI/RASIC).
  • Risk management and control mapping (IEC 62443/NIST CSF alignment; understanding of OT constraints).
  • Change governance and control conformance across sites (managing exceptions, deviations, and validating compensating controls).
  • Strong stakeholder management, facilitation, and conflict resolution (ownership clarity, accountability).
  • Audit readiness and evidence management (ITGC/ITAC-style controls, SOX discipline, documentation rigor).
  • Program management: milestones, reporting, KPI tracking, continuous improvement.

Physical Requirements/Working Conditions:

  • Hybrid schedule: 3 days in the office and 2 days working from home.
  • General work is in office, manufacturing, and warehouse environments utilizing a computer and other office equipment.
  • Ability to sit or stand for extended periods.
  • Ability to lift and carry up to 25 lbs., depending on task as needed.
  • Occasionally travel up to 10% or as needed.
  • Ability to wear required Personal Protective Equipment (PPE) as required and as designated based on the work location.
Equal Opportunity Employer

FuelCell Energy is an equal-opportunity employer committed to an inclusive and safe work environment for people of all backgrounds.

We offer a competitive compensation package as well as comprehensive benefits including medical, dental, vision, company-paid life/disability insurance, 401(k) plan, employee stock purchase plan, and generous paid leave.

The successful candidate is required to complete a drug screen, criminal background check, and employment and education verification.

FuelCell Energy, Inc. is committed to ensuring that its application process provides an equal employment opportunity to all U.S. job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please send an email with your resume to talentacquisition@fce.com or contact us by calling 860-496-2222. Please indicate the specifics of the assistance needed.

NOTE: This dedicated phone line and email address are designed exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be acknowledged. A response to your request may take up to two business days.

No agency submissions please. Resumes submitted to any FuelCell Energy employee without a current, signed and valid contract in place with the FuelCell Energy Recruiting team for this position will become the property of FuelCell Energy and no agency fees will be paid.

For more information about FuelCell Energy and our available openings, please visit our website: https://www.fuelcellenergy.com/careers

We thank all candidates for their interest in a career with FuelCell Energy. However, only those candidates selected for an interview will be contacted.