Manager, Information Security & Compliance, CA

Overview

Job Title:

Manager, Information Security & Compliance. Reports to the CIO, Group VP of Technology. Leads the enterprise-wide IT security and compliance function for Dunn-Edwards (D-E) and Nippon Paint Automotive Americas (NPAA). Responsible for establishing and executing a comprehensive, risk-based cybersecurity program that ensures the organization meets or exceeds industry standards and regulatory requirements. Provides strategic and operational leadership to a team of IT associates and third-party partners, continuously assessing current and emerging technology risks across retail, manufacturing, and corporate environments.

Designs and implements effective security controls, policies, procedures, and best practices to mitigate risk and strengthen organizational resilience.

Salary: $140,000 - $155,000 per year.

In addition, this leader oversees and documents security-related initiatives and projects, ensuring alignment with business objectives while maximizing the value and protection of existing technology investments. The Manager of Information Security & Compliance serves as the organization’s PCI Internal Security Assessor (ISA) Administrator, providing end-to-end oversight of the PCI DSS program, including governance of control design and effectiveness, coordination of annual assessments, and primary ownership of the relationship with the organization’s merchant bank to ensure ongoing compliance and issue resolution.

The role also leads annual J-SOX IT General Controls (ITGC) compliance efforts for both D-E and NPAA, partnering closely with third-party auditors to ensure audit readiness, control effectiveness, and timely remediation of findings.

Note:

The information contained in this description is for compliance with the Americans with Disabilities Act (ADA) and is not an exhaustive list of duties. Additional duties may be assigned.

• Develop, implement, and maintain the enterprise information security strategy aligned with corporate objectives and risk tolerance.
• Ensure Dunn-Edwards and NPAA meet or exceed the industry average for the Center for Internet Security (CIS) framework or NIST framework.
• Protect retail POS systems, manufacturing environments, enterprise networks, endpoints, and hybrid cloud infrastructure.
• Establish governance structures, policies, and standards to ensure consistent application of security controls across business units.
• Provide executive-level reporting on risk posture, compliance status, cybersecurity maturity, and remediation efforts.
• Lead risk assessments and facilitate security review processes for new technologies, systems, and business initiatives.
• Lead incident response coordination and continuous improvement of security controls.
• Manage a team, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
• Interpret and adhere to requirements and standards defined by J-SOX, SOX, and PCI compliance.
• Perform annual PCI compliance, internal/external penetration testing, and cybersecurity assessments; remediate deficiencies in a timely manner.
• Work closely with third-party auditors and lead J-SOX IT general controls (ITGC) compliance for both D-E and NPAA.
• Manage the IT security budget, vendor contracts, renewals, RFP processes, and business case development.
• Develop business case justifications and cost/benefit analyses for security spending and initiatives.
• Use strong meeting management skills to engage participants in productive work sessions.
• Understand organizational behavior and how it influences business solutions.
• Engage in multiple initiatives simultaneously and deliver projects on time and on budget.
• Stay current with technology and conduct research on potential hardware/software compliance and security solutions.

• Supervises (based on role):
• Security Analysts
• Compliance Analysts
• 3rd party vendors including Security Operations Center (SOC) or managed security providers

The individual must be able to perform each essential job duty and responsibility satisfactorily. The following requirements describe the knowledge, skills, and abilities needed for the role.

• College diploma or university degree in computer science, computer information systems, or management information systems and/or 5-7 years of equivalent work experience.
• 5-7 years of experience in retail and/or manufacturing industry working with internal systems.
• Background as a Security Analyst, Compliance Analyst, Systems Administrator, or similar role.
• Experience with Payment Card Industry (PCI) standards.
• Experience with SOX, J-SOX preferred.
• Experience working with auditors, systems administrators, and network engineers.
• Certified Information Security Manager (CISM) preferred.
• Certified Information Systems Security Professional (CISSP) preferred.
• Certified Ethical Hacker (CEH) preferred.
• PCI Internal Security Assessor (ISA) will be required upon hire.

• Strong…