Cyber Governance, Risk, and Compliance Manager

Primary Responsibilities

• Creates strategy influencing business methods and integrated security restrictions, weighing complex requirements from the business with industry best practices for security.
• Develops an enterprise strategy for Cyber Security while ensuring scalability and automation across lifecycle - will include strategies for role-based access control and lifecycle management.
• Takes overall responsibility for architecture, planning and delivery of enterprise-level Cyber Security programs.
• Works across teams to document and share Cyber Security best practices for on premise and cloud-based solutions for employees, contractors, and vendors.
• Leads the use of Cyber Security tools (people, process, technology) for the optimization of SOX compliance efforts.
• Ensures overall IT strategy and architecture plans and standards are translated into Cyber Security service programs, methods, and technologies as they align with leading Cyber Security practices.
• Leads application development Cyber Security strategy for both internal service to service as well as end consumer to application authentication and authorization using modern techniques.
• Manages, coaches, leads, and develops a staff of Cyber Security personnel.
• Partners with other business functions on all aspects of Cyber Security strategy and requirements.
• Thinks analytically, and able to understand and report metrics that matter (quantifiable and actionable) then translates into slides executive level audiences with limited technical knowledge can understand.
• Develops and retains a high performing team – drive deep technical ability across the entire Cyber Security team.
• Prioritizes and meets deadlines, goals, and objectives.
• Partners across Technology, Operations, Digital, and Data (TODD) to ensure controls are designed, implemented, and monitored to strengthen risk management, compliance, and cyber security, effectively mitigating risk to levels within the company’s risk appetite.
• Ensures disciplined change management by evaluating risk and control impacts when designing or implementing changes to processes, systems, products, and/or services.

This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.

This position is incentive eligible.

• Bachelor's degree in Computer Science, Management Information Systems, or related technology or business area and fifteen (15) years of related experience.
• High School Diploma or GED and nineteen (19) years of related experience.
• Leadership and management experience.

• Experience developing role-based access control strategy (including SoD and PAM) and production implementation.
• Experience with Identity Governance Solutions (Azure AD, Okta).
• Experience with Privileged Access Management Solutions (Cyber Ark).
• Experience and strong knowledge access lifecycle management.
• Experience and strong knowledge of SSO solutions (Okta, Azure, etc.).
• Experience with Cloud IAM (AWS, Azure, etc.).
• Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization, to include executive leadership, customers, auditors, etc.

• Ability to work under pressure and meet deadlines.
• Ability to think strategically, prioritize tasks, and make sound decisions in a fast-paced environment.
• Advanced level in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.).
• Demonstrated leadership capabilities.
• Excellent communication, interpersonal, and leadership skills.
• Strong technical knowledge of information security principles, technologies, and best practices.
• Understanding of and ability to interpret applicable rules, regulations, and industry guidance.

• Experience managing and maintaining enterprise cybersecurity policy, program, standards, and guidelines libraries, including periodic updates and lifecycle governance.
• Demonstrated ability to align cybersecurity documentation with regulatory expectations and industry frameworks.
• Proven experience overseeing cybersecurity control libraries, including updates, maintenance, and reporting.
• Experience developing and tracking performance metrics such as OKRs, KRIs, and KPIs to measure control effectiveness and program maturity.
• Experience managing issue tracking and reporting processes for cybersecurity-owned standards and enterprise-wide findings.
• Ability to drive remediation efforts and provide transparent reporting to stakeholders and leadership.
• Experience supporting cybersecurity aspects of vendor contracts, including NDAs and MSAs.
• Demonstrated ability to perform vendor due diligence, contract reviews, and ensure compliance with offshore security requirements (e.g., secure room controls).
• Experience with continuous vendor monitoring tools (e.g., Risk Recon).
• Ability to coordinate and lead annual vendor reviews focused on cybersecurity program maturity.
• Experience supporting or managing HIPAA compliance programs.
• Experience…