Cybersecurity GRC Manager

About USANA
Since 1992, USANA has provided the world with the highest-quality products focused on nutritional supplements, skincare, and a healthy lifestyle. Our commitment to excellence goes far beyond our products. USANA is dedicated to sharing our vision of health by empowering a global family of incredible employees based in more than 20 different markets around the world. Community is at our core, and we strive to be open-minded listeners, hold ourselves and others accountable, be respectful, and celebrate the strength that comes from collaboration. Through initiatives like our Diversity, Equity, and Inclusion Council, we create a company culture where all members of the USANA Family feel cared for, included, and valued.

Position location: Salt Lake City, Utah; hybrid/on-site

Who We Are Looking For

We are looking for an experienced individual to join USANA’s security team as a Cybersecurity GRC Manager. In this position, you will be responsible for leading and managing the organization’s cybersecurity governance, risk, and compliance (GRC) programs. This role will focus on conducting cyber risk assessments, implementing risk mitigation strategies, developing and enforcing security policies, and overseeing user awareness training. You will also serve as the primary liaison to internal audit teams, work closely on PCI compliance efforts, and assist with the development of key cybersecurity metrics.

What You Will Do as USANA’s Cybersecurity GRC Manager

• Monitor and report on the organization's risk posture, providing regular updates.
• Ensure cybersecurity policies are aligned with industry best practices, regulatory requirements, and organizational goals, and work with USANA business units to ensure policies are understood and enforced.
• Design and continually update security awareness training programs to educate employees on best practices, security policies, and compliance requirements.
• Oversee PCI compliance initiatives and collaborate with internal teams to ensure adherence to PCI-DSS requirements.
• Develop, maintain, and report on key cybersecurity metrics to track the effectiveness of security programs.
• Manage the cybersecurity aspects of vendor risk, conducting due diligence, risk assessments, and contract reviews for third-party vendors.
• Identify and mitigate risks associated with adopting and implementing AI technologies within the organization.
• Work closely with the data privacy team to ensure alignment between cybersecurity and data protection requirements, including GDPR, CCPA, and other privacy regulations.
• Collaborate with legal counsel on regulatory compliance and security matters, ensuring legal obligations are met and that risk management strategies are in place.

Background and Skills You Will Need

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 5-7 years of experience in cybersecurity governance, risk management, and compliance.
• Proven experience in conducting risk assessments, developing security policies, and managing security awareness training.
• Experience working with regulatory frameworks such as PCI-DSS, GDPR, CCPA, and SOX.
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, PCI-DSS).
• Knowledge of AI risks and emerging technologies in cybersecurity.
• Experience managing vendor risk, including third-party assessments.
• CGRC or equivalent certification is preferred.

What will make you stand out

• Masters Degree.

Benefits of Being Part of the USANA Family

We offer incredible benefits like health, dental, vision, life, and disability insurance; on-site medical and mental health clinic, chiropractic visits, massages, fitness classes, and a full-service gym; free and discounted USANA products; 401k match and profit-sharing bonuses; internal and external opportunities for learning and development; paid parental leave for both primary and secondary caregivers, and generous paid time-off to help you balance work and home!

USANA Health Sciences, Inc. will never ask candidates to submit personal identifiable information via email or attachments. Such information will only be collected by candidates logging into and submitting through our secure HR management portal. If you are requested to provide information via an unsecure source, please delete the email and contact USANA directly.