Cyber Governance, Risk, and Compliance Manager

About The Position

Requirements

• Bachelor's degree in Computer Science, Management Information Systems, or related technology or business area and fifteen (15) years of related experience Or High School Diploma or GED and nineteen (19) years of related experience
• Leadership and management experience

Nice To Haves

• Experience developing role-based access control strategy (including SoD and PAM) and production implementation
• Experience with Identity Governance Solutions (Azure AD, Okta)
• Experience with Privileged Access Management Solutions (CyberArk)
• Experience and strong knowledge access lifecycle management
• Experience and strong knowledge of SSO solutions (Okta, Azure, etc.)
• Experience with Cloud IAM (AWS, Azure, etc.)
• Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization, to include executive leadership, customers, auditors, etc.
• Ability to work under pressure and meet deadlines
• Ability to think strategically, prioritize tasks, and make sound decisions in a fast-paced environment
• Advanced level in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.)
• Demonstrated leadership capabilities
• Excellent communication, interpersonal, and leadership skills
• Strong technical knowledge of information security principles, technologies, and best practices
• Understanding of and ability to interpret applicable rules, regulations, and industry guidance
• Experience managing and maintaining enterprise cybersecurity policy, program, standards, and guidelines libraries, including periodic updates and lifecycle governance
• Demonstrated ability to align cybersecurity documentation with regulatory expectations and industry frameworks
• Proven experience overseeing cybersecurity control libraries, including updates, maintenance, and reporting
• Experience developing and tracking performance metrics such as OKRs, KRIs, and KPIs to measure control effectiveness and program maturity
• Experience managing issue tracking and reporting processes for cybersecurity-owned standards and enterprise-wide findings
• Ability to drive remediation efforts and provide transparent reporting to stakeholders and leadership
• Experience supporting cybersecurity aspects of vendor contracts, including NDAs and MSAs
• Demonstrated ability to perform vendor due diligence, contract reviews, and ensure compliance with offshore security requirements (e.g., secure room controls)
• Experience with continuous vendor monitoring tools (e.g., RiskRecon)
• Ability to coordinate and lead annual vendor reviews focused on cybersecurity program maturity
• Experience supporting or managing HIPAA compliance programs
• Experience contributing to or leading cybersecurity data governance initiatives, access management, cloud security, GenAI, security engineering, including data classification, protection standards, and oversight processes
• Proven experience understanding and managing operational security functions and technologies inclusive of automation for continuous control assessments leveraging GenAI capabilities to drive governance efficiencies
• Experience operating within large, highly regulated environments, with an emphasis on audit readiness, regulatory compliance, and enterprise-scale risk management

Responsibilities

• Creates strategy influencing business methods and integrated security restrictions, weighing complex requirements from the business with industry best practices for security
• Develops an enterprise strategy for Cyber Security while ensuring scalability and automation across lifecycle - will include strategies for role-based access control and lifecycle management
• Takes overall responsibility for architecture, planning and delivery of enterprise-level Cyber Security programs
• Works across teams to document and share Cyber Security best practices for on premise and cloud-based solutions for employees, contractors, and vendors
• Leads the use of Cyber Security tools (people, process, technology) for the optimization of SOX compliance efforts
• Ensures overall IT strategy and architecture plans and standards are translated into Cyber Security service programs, methods, and technologies as they align with leading Cyber Security practices
• Leads application development Cyber Security strategy for both internal service to service as well as end consumer to application authentication and authorization using modern techniques
• Manages, coaches, leads, and develops a staff of Cyber Security personnel
• Partners with other business functions on all aspects of Cyber Security strategy and requirements
• Thinks analytically, and able to understand and report metrics that matter (quantifiable and actionable) then translates into slides executive level audiences with limited technical knowledge can understand
• Develops and retains a high performing team – drive deep technical ability across the entire Cyber Security team
• Prioritizes and meets deadlines, goals, and objectives
• Partners across Technology, Operations, Digital, and Data (TODD) to ensure controls are designed, implemented, and monitored to strengthen risk management, compliance, and cyber security, effectively mitigating risk to levels within the company’s risk appetite
• Ensures disciplined change management by evaluating risk and control impacts when designing or implementing changes to processes, systems, products, and/or services

Benefits

• Paid Vacation/Sick Time
• 401K with Company Match
• Medical, Dental and Vision Benefits
• Disability Benefits
• Health Savings Account
• Flexible Spending Account
• Life Insurance
• Parental Leave
• Employee Assistance Program
• Associate Volunteer Program