Manager of Cybersecurity Program and Risk

About The Position

Requirements

• 7–10+ years of experience in cybersecurity, technology risk management, or enterprise risk roles.
• Demonstrated ownership of cybersecurity or technology risk programs.
• Experience with third-party risk management, risk registers, audits, and compliance documentation.
• Ability to translate technical risk into executive-level business impact.
• Strong judgment, stakeholder management, and ability to influence without authority.
• Experience in manufacturing, food, CPG, or industrial environments.
• Practical experience with NIST CSF, ISO 27001, or similar frameworks.
• Exposure to multi-entity or subsidiary operating models.
• Experience presenting risk to executive leadership or Boards.

Responsibilities

• Own the enterprise cybersecurity risk framework, including identification, assessment, prioritization, and mitigation tracking.
• Maintain and mature the cybersecurity and technology risk register with clear risk statements, ownership, and mitigation plans.
• Develop and execute a multi-year cybersecurity program roadmap aligned to business strategy.
• Facilitate cybersecurity maturity assessments and pragmatic improvement planning.
• Own cybersecurity risk management for third parties, suppliers, logistics partners, co-manufacturers, and SaaS vendors.
• Define and enforce cybersecurity requirements in contracts and ensure evidence-based compliance.
• Coordinate vendor risk assessments and remediation activities with Procurement and Legal.
• Ensure subsidiaries comply with corporate cybersecurity policies and minimum standards.
• Prepare cybersecurity risk materials for leadership and governance committees.
• Translate cybersecurity risk into business, operational, and reputational impact.
• Support audits, assessments, and external reviews with defensible documentation.
• Develop dashboards and executive metrics to show risk posture and trend visibility.
• Own the enterprise security awareness and phishing simulation program.
• Analyze trends and recommend corrective actions to reduce human risk.
• Partner with HR and Communications to embed cybersecurity into company culture.
• Maintain awareness across incident response, vulnerability management, IAM, and endpoint security.
• Coordinate security initiatives without owning day-to-day technical operations.
• Ensure clarity of ownership and risk coverage across teams and vendors.

Benefits

• Medical, dental and vision benefits.
• 401k with Company match.
• Paid time off including vacation, sick time and holidays.
• Education Assistance Program.
• Life Insurance and Short-Term Disability.
• Discounts on Blount products at Company retail location.
• Discretionary Annual Bonus Program.