
Senior Manager, Information Security Governance, Risk & Compliance

Work from home Full-time role Hiring

Job Seekers can review the Job Applicant Privacy Policy by clicking .

Job Description:

Summary

The Senior Manager, Information Security Governance, Risk, and Compliance (GRC) is an advanced role requiring leadership, team management skills, and technical expertise. The Senior Manager, Information Security GRC leads a team of individuals focused on executing Ryder's global IT Risk Management, Governance, Compliance, and Privacy programs ensuring global compliance with organizational policies, industry standards, and the protection of critical systems and information. The ideal candidate is technical and possesses at least ten years of experience leading, executing, and building corporate-wide Information Security compliance programs. The Senior Manager, GRC, is a subject matter expert for colleagues and a partner to the business on risk mitigation.

Essential Functions

  • Lead a team of risk, compliance, and privacy experts who partner with global technology teams and business leaders in the execution of Ryder’s Information Security Management System.
  • Lead the development and ongoing management of common control and risk management frameworks for measuring the organizational security posture based on industry, regulatory, and customer needs.
  • Serve as a trusted partner to educate and collaborate on information security and risk management best practices with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT.
  • Lead the development and ongoing management of global information security policies and corporate standards throughout the organization that align with industry guidance and result in effective methods to reduce security risks.
  • Lead the development and management of a global third-party risk management program to evaluate new and existing vendors on a regular basis based on their criticality to the business.
  • Lead the development and management of a global information security customer compliance program which facilitates the processes for handling customer requests for information security attestations, audits, on-site reviews, and remediation of security findings.
  • Lead the development and management of a modern, engaging, global information security training and awareness program to provide ongoing information security education to all levels of the organization.
  • Lead the development and management of an IT enterprise risk register to properly catalog, manage, communicate, and assess global IT risks.

Additional Responsibilities

  • Provide information security due diligence assistance to global business partners as part of Ryder’s mergers and acquisitions program.
  • Performs other duties as assigned.

Skills and Abilities

  • Strong verbal and written communication skills; a keen ability to explain complex technical and security concepts to non-technical business stakeholders and management
  • Excellent time management, organization, and analytical skills
  • Demonstrated ability to drive multiple projects to successful completion
  • Demonstrated ability to educate, coach, and mentor individuals at all organizational levels on information security
  • Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors)
  • Familiarity with the NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR, and global regulations (advanced, required)
  • Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy (advanced, required)

Qualifications

  • Bachelor's degree (required): Information Security, Computer Science, related field, or equivalent work experience
  • Master's degree (preferred): Information Security, Computer Science, or related field
  • Eight (8) years or more of experience in the Information/Cyber Security field (required)
  • Eight (8) years or more of experience as a lead information systems compliance auditor (required)
  • Eight (8) years or more of experience in implementing and supporting systems utilizing industry standard frameworks and/or best practices (e.g. NIST, ISO 27001 and 27002, Cloud Security Alliance, etc.) (required)
  • Eight (8) years or more in a similar management position or leading/supervising technical teams (required)
  • Familiarity with the NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR, and global regulations (advanced, required)
  • Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy (advanced, required)
  • Other Information Risk, Privacy, or Security Certification (CISSP, CCSK, CCSP, PCSM)
  • Other Information Security or industry technology certifications

  • Travel: 1-10%
  • DOT Regulated: None
  • Job Category: Information Security

Compensation

Information: The compensation offered to a candidate may be influenced by a variety of factors, including the candidate’s relevant experience; education, including relevant degrees or certifications; work location; market data/ranges; internal equity; internal salary ranges; etc. The position may also be eligible to receive an annual bonus, commission, and/or long-term incentive plan based on the level and/or type. Compensation ranges for the position are below:

  • Pay Type: Salaried
  • Minimum Pay Range: $100,000.00
  • Maximum Pay Range: $130,000.00

Benefits

Information: For all Full-time positions only: Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax-advantaged 401(k) retirement savings plan.
