Manager, Information Security & Compliance, CA

Dunn-Edwards Paints
Commerce, CA
Posted 14h ago
$140,000 - $155,000

About The Position

Reporting directly to the CIO, Group VP of Technology, the Manager, Information Security & Compliance leads the enterprise-wide IT security and compliance function for Dunn-Edwards (D-E) and Nippon Paint Automotive Americas (NPAA). This role is accountable for establishing and executing a comprehensive, risk-based cybersecurity program that ensures the organization meets or exceeds industry standards and regulatory requirements. The Manager provides strategic and operational leadership to a team of IT associates and third-party partners, continuously assessing current and emerging technology risks across retail, manufacturing, and corporate environments. The role is responsible for designing and implementing effective security controls, policies, procedures, and best practices to mitigate risk and strengthen organizational resilience. In addition, this leader oversees and documents security-related initiatives and projects, ensuring alignment with business objectives while maximizing the value and protection of existing technology investments.

The Manager of Information Security & Compliance serves as the organization’s PCI Internal Security Assessor (ISA) Administrator, providing end-to-end oversight of the PCI DSS program. This includes governance of control design and effectiveness, coordination of annual assessments, and primary ownership of the relationship with the organization’s merchant bank to ensure ongoing compliance and issue resolution. The role also leads annual J-SOX IT General Controls (ITGC) compliance efforts for both D-E and NPAA, partnering closely with third-party auditors to ensure audit readiness, control effectiveness, and timely remediation of findings.

Note: The information contained in this job description is for compliance with the Americans with Disabilities Act (ADA) and is not an exhaustive list of the duties performed for this position. Additional duties are performed by the individual holding this position and additional duties may be assigned.

Requirements

  • College diploma or university degree in computer science, computer information systems, or management information systems and/or 5-7 years equivalent work experience.
  • 5-7 years of experience in the retail and/or manufacturing industry working with internal systems.
  • Background as a Security Analyst, Compliance Analyst, Systems Administrator, and/or a role within this field.
  • Experience with Payment Card Institute (PCI) standards
  • Experience with Sarbanes-Oxley (SOX), J-SOX preferred
  • Experience working with auditors, systems administrators, and network engineers
  • Certified Information Security Manager (CISM) preferred
  • Certified Information Systems Security Professional (CISSP) preferred
  • PCI Internal Security Assessor (ISA) will be required upon hire
  • Strong interpersonal skills and the ability to communicate and manage well at all levels of the organization, including staff at remote locations, are essential.
  • Good understanding of the organization’s goals and objectives.
  • Knowledge of applicable data privacy practices and laws.
  • Good written and oral communication skills.
  • Strong technical documentation skills.
  • Good interpersonal skills.
  • Ability to present ideas in a user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Strong customer service orientation.
  • Experience working in a team-oriented, collaborative environment.

Nice To Haves

  • Certified Ethical Hacker (CEH) nice to have

Responsibilities

  • Develop, implement, and maintain the enterprise information security strategy aligned with corporate objectives and risk tolerance.
  • Ensure Dunn-Edwards and NPAA meet or exceed the industry average in retail/manufacturing for the Center for Internet Security (CIS) framework or NIST framework.
  • Maintain effective protection of retail POS systems, manufacturing environments, enterprise networks, endpoints, and hybrid cloud infrastructure.
  • Establish governance structures, policies, and standards to ensure consistent application of security controls across business units.
  • Provide executive-level reporting on risk posture, compliance status, cybersecurity maturity, and remediation efforts.
  • Lead risk assessments and facilitate security review processes for new technologies, systems, and business initiatives.
  • Lead incident response coordination and continuous improvement of security controls.
  • Manage a team, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
  • Interpret and adhere to the requirements and standards defined by J-SOX, SOX and PCI compliance.
  • Perform annual PCI compliance, internal/external penetration testing and cybersecurity assessments across the organization (i.e., where applicable); remediate any deficiencies in a timely manner.
  • Work closely with 3rd-party auditors and lead J-SOX IT general controls (ITGC) compliance efforts for both D-E and NPAA.
  • Manage the IT security budget, vendor contracts, renewals, RFP processes, and business case development.
  • Develop business case justifications and cost/benefit analyses for security spending and initiatives.
  • Use strong meeting management skills to engage participants in productive work sessions.
  • Understand organizational behavior and how it influences business solutions.
  • Successfully engage in multiple initiatives simultaneously.
  • Deliver assigned projects on time and on budget.
  • Keep current with technology and direct research on potential hardware/software compliance and security solutions.