Director, Cybersecurity & GRC

Berkeley, CA · Somerville, MA · Weirton, WV · Full-time · USD 199,950-293,835 per year · Posted Jun 29, 2026

Are you ready to build America’s energy future? Form Energy is an American manufacturing and energy technology company. We’re revolutionizing energy storage with cost-effective, multi-day technology designed to keep the electric grid secure and reliable, even during extended periods of stress. By strengthening the electric system and reimagining what’s possible, we’re giving clean energy a whole new form! 

In recent years, Form Energy has earned a number of accolades, including being named by TIME as a “Best Invention”, MIT Technology Review as a “Top Climate Tech Company To Watch”, and Fast Company as “One of the Next Big Things In Tech”. We are making rapid progress on our mission of delivering energy storage for a better world, and our team is growing just as rapidly to meet demand. We have signed contracts with leading electric utilities across the United States and production of our iron-air batteries is underway at our first high-volume manufacturing facility in West Virginia.

Working for Form Energy is more than just a job, it’s a chance to be part of something extraordinary. And now - right as we significantly scale up battery manufacturing - might be the most exciting moment in the company’s history to join. We are assembling a team of highly talented and driven individuals across the country. Driven by our core values of humanity, excellence, and creativity, our team is determined to deliver on our mission and transform the energy landscape for the better.

Feeling energized to make a meaningful impact on the world? Then keep reading - you’ve come to the right place.

Role Description

As Form Energy matures and scales, the Director of Cybersecurity & GRC builds and leads our cybersecurity and IT governance, risk, and compliance programs. This is a CISO-track leadership role: you will set strategy and lead a team — a GRC Manager who owns IT general controls end-to-end, a Staff Security Engineer, and a Senior Security Engineer — while owning the security program, the policy and standards lifecycle, enterprise IT risk, and the external-audit relationship. You will mature an ISO 27001-aligned information security management system and the controls a maturing, compliance-intensive company depends on, backstopped by an external advisor.

This is a hybrid role, which will require working onsite from one of our office locations 3+ days per week.

Relocation assistance is available.

What you'll do:

  • Lead the cybersecurity program: endpoint detection and response / managed detection and response, email and web security, identity and access management, vulnerability management, threat detection, and incident response; manage security vendors and the managed SOC.

  • Own IT governance, risk, and compliance — directing a GRC Manager who owns ITGC design, operation, and evidence end-to-end; the policy and standards lifecycle within an ISO 27001-aligned ISMS; the enterprise IT risk register; control mapping; and exception/issue tracking.

  • Design a control framework synergistic across ITGC, SOC 2, ISO 27001, and NIST 800-171 / CMMC scopes as required by the business and customer contracts.

  • Serve as the primary IT liaison to external auditors and readiness advisors — driving audit readiness, supporting fieldwork, and tracking remediation to closure; direct the external advisor backstop.

  • Mature incident response and disclosure governance: incident response plan and tabletop exercises, and the cyber incident-disclosure and materiality-determination process in partnership with Legal, Finance, and IT, aligned to applicable regulatory and disclosure obligations.

  • Establish data classification, retention, and encryption standards, and a vendor / third-party security risk program.

  • Partner on the IT/OT security boundary and with product security, without owning operational technology or on-product (battery) cybersecurity.

  • Report cybersecurity and compliance posture to leadership and governance bodies in clear, decision-ready terms.

  • Lead, coach, and develop the cybersecurity and GRC team; hire selectively against clear capability gaps.

What you'll bring:

  • 10+ years in cybersecurity and/or IT GRC, including 5+ years in leadership (CISO-track).

  • Deep ITGC experience — control design, operation, and audit — in a compliance-intensive or scaling-company setting, with the judgment to direct a GRC Manager and external advisors.

  • Breadth across the security program: IAM, EDR/MDR, vulnerability management, and incident response, with fluency in recognized frameworks (ISO 27001, SOC 2, NIST CSF / 800-53; NIST 800-171 / CMMC a plus).

  • Experience as an external-audit liaison, plus policy authorship and lifecycle ownership.

  • Strong people leadership and executive-grade communication, including board-quality reporting.

Preferred Qualifications:

  • Experience in manufacturing, energy, or critical-infrastructure sectors.

  • Experience standing up a first-time formal IT controls environment in a scaling company.

  • Certifications such as CISSP, CISA, CISM, or CRISC.

  • Familiarity with privacy regimes (GDPR / CCPA) and AI governance frameworks (Form Energy’s AI governance is led separately within the Chief Digital Officer organization; this role collaborates rather than owns it).


Humanity is a cornerstone of Form Energy’s culture, and we make sure our compensation and benefits reflect that. Form Energy offers competitive salaries, stock options, and a holistic benefits package to ensure all employees have what they need to thrive while working here. 

When it comes to you and your family’s health, we cover 100% of medical, dental, and vision premiums for full-time employees - and 80% of healthcare premiums for dependents. This starts from day one. We also offer at least 12 weeks of paid leave for new parents (up to 20 weeks for birthing parents), and generous vacation policies to give employees time to recharge when needed. 

To build America’s energy future, we need everyone at the table. We are proud to be an equal opportunity employer, and encourage candidates from all backgrounds to apply to our open jobs.


If you may require reasonable accommodations to participate in our interview process, please contact accommodations@formenergy.com. Requests for accommodations will be treated with discretion.

Form Energy is committed to maintaining the privacy of our applicants. Please be aware that we will never solicit sensitive personal information such as Social Security numbers or bank account details during the recruiting or hiring process.
