Manager, Information & Cybersecurity Strategy

About The Position

Requirements

• Typically requires a 4-year degree in a relevant field, or equivalent combination of relevant education and experience.
• Typically requires 8 years of related experience.
• Project Lifecycle Execution – Demonstrates the ability to plan, monitor, and deliver IT projects across initiation, planning, execution, and closure while adhering to defined scope, schedule, and budget.
• Technical Requirements Analysis – Interprets business needs, system interdependencies, and technology constraints to produce actionable project requirements and translate them for technical and non‑technical audiences.
• Agile Delivery Practices – Applies Scrum, Kanban, or hybrid Agile methods to manage backlogs, facilitate ceremonies, track progress, and ensure iterative delivery aligned with stakeholder expectations.
• Risk and Issue Management – Identifies, analyzes, and mitigates project risks and issues by developing contingency plans, escalating when necessary, and tracking resolution through completion.
• Stakeholder Alignment – Builds and maintains constructive relationships with sponsors, cross‑functional teams, customers, and vendors, ensuring clarity of expectations, consistent communication, and shared understanding of project goals.
• Resource and Capacity Coordination – Allocates and balances resources effectively across project phases by evaluating workload, identifying constraints, and securing needed support to maintain project momentum.
• Performance Tracking and Reporting – Develops and maintains dashboards, status reports, and project metrics that provide accurate visibility into progress, risks, dependencies, and outcomes for diverse audiences.
• Change Control Governance – Implements structured change‑management processes, evaluates impacts on schedule and scope, and gains approvals before integrating changes into project baselines.
• Vendor and Third‑Party Coordination – Oversees supplier deliverables, ensures compliance with service agreements, and maintains alignment between internal teams and external partners throughout the project timeline.
• Continuous Improvement Mindset – Analyzes project outcomes, identifies recurring challenges, proposes enhancements to processes, and contributes to organizational learning through post‑implementation reviews.

Nice To Haves

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, Information Systems, or a closely related discipline is preferred.
• 8+ years in cybersecurity governance, risk, or compliance with 3+ years managing teams.
• Proven ability leading enterprise risk reporting, policy enablement, IRM platform execution, and executive tabletop exercises.
• Experience engaging executive and board-level stakeholders.
• Experience in a regulated industry.
• CISSP, CISM, or CRISC is preferred.

Responsibilities

• Structures and delivers enterprise-wide cyber risk reporting for executive leadership and the board; maintaining governance forums and decision-support mechanisms that enable leadership visibility into risk posture and decision making.
• Authors, deploys, and maintains cybersecurity policies, standards, and procedures aligned with regulatory requirements, industry frameworks, and organizational risk appetite.
• Administers policy exception process, including intake, risk-based evaluation, approval workflows, and tracking through resolution or acceptance.
• Partners with operational cyber teams, IT, legal, compliance, safety, audit, supply management, and business stakeholders to ensure cybersecurity governance requirements are integrated into enterprise processes and regulatory obligations are met.
• Drives the evolution and operational effectiveness of enterprise IRM platforms (e.g., ServiceNow) to enable risk reporting, issue tracking, remediation management, and policy exception facilitation.
• Plans and executes cybersecurity maturity assessments and executive-level tabletop exercises to evaluate organizational preparedness and identify capability gaps.
• Continuously evaluates, streamlines, and enhances cybersecurity governance tools, platforms, and workflows to improve operational efficiency, reduce manual effort, eliminate redundancy, and accelerate program delivery. This includes identifying automation opportunities, rationalizing toolsets, and ensuring governance processes scale effectively with organizational growth and evolving threat landscapes.
• Directly manages a team of professionals responsible for executing cybersecurity governance programs. This includes workforce planning, performance management, coaching and mentorship, workload balancing, succession planning, and fostering a culture of accountability and professional growth.
• Performs other duties as assigned.