Senior Manager, Information Security Governance, Risk & Compliance

Job Seekers can review the Job Applicant Privacy Policy by clicking .

Job Description

Summary

The Senior Manager, Information Security Governance, Risk, and Compliance (GRC) is an advanced role requiring leadership, team management skills, and technical expertise. The Senior Manager, Information Security GRC leads a team of individuals focused on executing Ryder's global IT Risk Management, Governance, Compliance, and Privacy programs ensuring global compliance with organizational policies, industry standards, and the protection of critical systems and information. The ideal candidate is technical and possesses at least ten years of experience leading, executing, and building corporate-wide Information Security compliance programs. The Senior Manager, GRC, is a subject matter expert for colleagues and a partner to the business on risk mitigation.

Essential Functions

Lead a team of risk, compliance, and privacy experts who partner with global technology teams and business leaders in the execution of Ryders Information Security Management System.

Lead the development and ongoing management of common control and risk management frameworks for measuring the organizational security posture based on industry, regulatory, and customer needs.

Serve as a trusted partner to educate and collaborate on information security and risk management best practices with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT.

Lead the development and ongoing management of global information security policies and corporate standards throughout the organization that align with industry guidance and result in effective methods to reduce security risks.

Lead the development and management of a global third-party risk management program to evaluate new and existing vendors on a regular basis based on their criticality to the business.

Lead the development and management of a global information security customer compliance program which facilitates the processes for handling customer requests for information security attestations, audits, on-site reviews, and remediation of security findings.

Lead the development and management of a modern, engaging, global information security training and awareness program to provide ongoing information security education to all levels of the organization.

Lead the development and management of an IT enterprise risk register to properly catalog, manage, communicate, and assess global IT risks.

Additional Responsibilities

Provide information security due diligence assistance to global business partners as part of Ryders mergers and acquisitions program.

Performs other duties as assigned.

Skills and Abilities

Strong verbal and written communication skillsa keen ability to explain complex technical and security concepts to non-technical business stakeholders and management

Excellent time management, organization, and analytical skills

Demonstrated ability to drive multiple projects to successful completion

Demonstrated ability to educate, coach, and mentor individuals at all organizational levels on information security

Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors)

Familiarity of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations advanced required

Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy advanced required

Qualifications

Bachelor's degree required Information Security, Computer Science, related field, or equivalent work experience

Master's degree preferred Information Security, Computer Science, or related field

Eight (8) years or more Experience in Information/Cyber Security field required

Eight (8) years or more Experience as a lead information systems compliance auditor required

Eight (8) years or more Experience in implementing and supporting systems utilizing industry standard frameworks and/or best practices (e.g. NIST, ISO 27001 and 27002, Cloud Security Alliance, etc.) required

Eight (8) years or more in a similar management position or leading/supervising technical teams required

Familiarity of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations advanced required

Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy advanced required

Other Information Risk, Privacy, or Security Certification (CISSP, CCSK, CCSP, PCSM)

Other Other Information Security or industry technology certifications

Travel

1-10%

DOT Regulated

None

Job Category

Information Security

Compensation Information:

The compensation offered to a candidate may be influenced by a variety of factors, including the candidates relevant experience; education, including relevant degrees or certifications; work location; market data/range