IT Security Manager

IT Security Manager
Role Summary

Lead regional cybersecurity operations and act as the primary interface to the global Information Security program for North and South America
. Oversee incident response, risk management, compliance, and security governance across cloud, hosted, and onprem environments in a highly collaborative, regulated setting.

Regional Leadership & Governance

• Serve as the regional security lead/SME and point of contact for North and South America
  .
• Align regional execution with global security strategy in partnership with the CISO and Global IT.
• Balance risk, compliance, and business objectives; coordinate with regional/global IT and business stakeholders.

Security Operations & Incident Response

• Own the regional incident response program (playbooks, escalation, tabletop exercises, postincident reviews).
• Manage and close security tickets/requests with proper prioritization, escalation, and documentation.
• Coordinate with internal teams and third-party providers during security events; ensure continuity/regulatory expectations are met.
• Validate remediation and track closure of vulnerabilities/issues; drive single pane visibility of ongoing issues.

Security Tooling (Ownership & Optimization)

• Own, tune, and monitor regional security tools; document processes and configurations for audit readiness.
• Identify gaps and improve detection, response, and operational efficiency across the security stack.

Cloud & Platform Security

• Support hardening for cloud infrastructure and SaaS platforms.
• Conduct/review vendor and platform risk assessments.
• Maintain data inventories and dataflow maps with IT Governance.

Compliance, Risk & Governance

• Support audits/certifications (e.g., SOC 2, ISAE 3402, ISO).
• Drive adoption of global security policies and standards in the region.
• Support AI governance (security controls/oversight for AI tools and platforms).
• Contribute to data protection and information governance initiatives.
• Monitor emerging threats, trends, and regulatory expectations and apply insights regionally.

Training & Cross Functional Collaboration

• Lead security awareness/training for technical teams, business users, and leadership.
• Partner with IT, Legal, Compliance, HR, and business leaders to embed security into processes.
• Provide riskbased oversight for critical enterprise platforms (ERP, CRM, HR).
• Ensure controls enable operations and do not unduly impede outcomes.

Projects & Advisory

• Research and analyze security questions; advise on risk mitigation and remediation strategies.
• Lead/support complex, cross functional security initiatives.

• 5 years leading cybersecurity programs/functions in regulated environments; experience in global organizations with multicountry scope.
• Bachelor s in Computer Information Systems or related field (
  Master s preferred
  ).
• Professional certifications CISSP/CISM preferred (or in progress).
• Strong knowledge of cloud/onprem security, hardening, and SaaS/third party risk management.
• Experience supporting SOC 2 and ISO audits.
• Handson with enterprise security, compliance, and cloud platforms.
• Excellent communication and stakeholder influence; strong prioritization and execution ownership.
• Solid background in endpoint/network troubleshooting and support; advanced skills with Microsoft Outlook and Office.
• Spanish or French fluency is a plus.
• Willingness/ability to travel as required.

• Build quality into all work; comply with applicable U.S. and worldwide quality and compliance regulations (e.g., FDA as relevant to the role/industry).
• Complete required training; maintain documentation and audit readiness.

• Fastpaced global environment with shifting priorities; occasional evenings/weekends for incidents, audits, or critical needs.
• Regular computer and collaboration tool use; effective communication with internal/external stakeholders.
• Participation in onsite meetings, audits, or regional activities as needed.
• Ability to commute to a regional office as required (e.g., ~2 days/week).

• Authority: Empowered to coordinate and assess work affecting quality and security in the region; independence to escalate risk and drive remediation.
• Supervision: No direct reports.
• Internal Contacts: CISO; global/regional security and IT (infrastructure, applications, operations); business leaders across North and South America
  ;
  Legal, Compliance, Risk, HR, Privacy; executive leadership for risk/incident/compliance matters.
• External Contacts: Third party vendors/MSPs/technology partners; auditors, consultants, and assessors; regulatory bodies and industry partners; incident response and advisory partners.