Please mention DailyRemote when applying
Hexion is a global leader in specialty chemicals, delivering innovative solutions that improve performance, sustainability, and efficiency across industries. Our manufacturing operations span multiple continents, integrating complex Operational Technology (OT) environments with enterprise IT systems. As regulatory expectations and cyber risk continue to evolve, Hexion is investing in a mature Governance, Risk, and Compliance (GRC) function to protect our business, our customers, and the integrity of our operations. The Compliance and Risk Manager is a critical role in that function — translating regulatory requirements into operational controls and ensuring that risk is measured, managed, and communicated with rigor.
The Compliance and Risk Manager is a senior practitioner responsible for designing, implementing, and continuously improving Hexion's information security compliance and enterprise risk management programs. This role requires deep expertise across ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, CIS Controls (Levels 1 and 2), and NIST 800-53, with a clear ability to map controls across frameworks and translate requirements into practical, auditable processes.
This role ensures:
This is a practitioner's role. The ideal candidate has spent years in the field — conducting audits, writing controls, managing risk registers, and preparing organizations for certification. They bring the authority of deep experience, the discipline of a compliance professional, and the judgment of a senior risk advisor.
Work Environment & Travel
One-Line Summary
1. Compliance Program Management (ISO 27001 / 27017 / 27018)
Own Hexion's ISO 27001 Information Security Management System (ISMS) and related cloud-specific extensions:
2. SOC 2 Type II Program
Lead Hexion's SOC 2 compliance program across all applicable Trust Services Criteria:
3. CIS Controls Implementation (Levels 1 and 2)
Operationalize the CIS Controls as the enterprise's security baseline framework:
4. NIST 800-53 & Enterprise Risk Framework
Maintain fluency in NIST 800-53 and apply it to enterprise risk governance:
5. Controls Design, Testing & Assurance
Own the internal controls assurance program:
6. Policy & Standards Governance
Maintain the policy architecture that underpins the compliance program:
Leadership Expectations
Experience with:
Certifications (any of the following valued):
We are an Equal Opportunity, Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to gender, pregnancy, race, national origin, religion, age, sexual orientation, gender identity, veteran or military status, status as a qualified individual with a disability or any other characteristic protected by law.
To be considered for this position candidates are required to submit an application for employment through our career site and, be at least 18 years of age. Any offer of employment will be conditioned upon successful completion of a drug test and background investigation, as well as authorization for the Company to conduct additional periodic background checks as required by the Chemical Facility Anti-Terrorism Standards (CFATS) or regulations adopted by the department of Homeland Security or other regulatory agencies. A prior criminal record is not an automatic bar to employment, and the Company will conduct an individualized assessment and reassessment, consistent with applicable law, prior to making any final employment decision.
Stop the endless job search. Our AI finds and applies to the best jobs for you.
Discover remote opportunities in Risk Manager
Answer easy questions
200,000+ jobs across 15+ categories
Get your best job matches
Only hand-screened, legit jobs
Find a remote job faster
No ads, scams, or junk
“ I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!