Manager of Security and Compliance - RideNow Allen

RideNow Group, Allen, TX
Onsite

About The Position

The Manager of Security and Compliance is a high-impact, hands-on leadership role responsible for the design, implementation, and oversight of the cybersecurity, data privacy, and regulatory compliance programs for a publicly traded organization. This individual serves as the primary architect of our security posture, ensuring that our technical infrastructure and business processes align with global standards and legal requirements. Reporting directly to the CIO, you will bridge the gap between technical security controls and executive-level risk management. As a "player-coach," you will be expected to not only manage a direct report and external vendors but also to execute directly on policy creation, audit liaison duties, and security hardening initiatives. This is a critical role for ensuring the integrity, availability, and confidentiality of our corporate and customer data.

Requirements

  • Education: Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related technical field.
  • Experience: Minimum of 5 years of progressive experience in cybersecurity or IT audit, including at least 2 years of management experience (overseeing both programs and personnel).
  • Public Company Experience: Proven track record of leading security and compliance functions within a publicly traded environment, with specific experience in SOX (Sarbanes-Oxley).
  • Framework Expertise: Strong working knowledge of NIST, PCI-DSS, and FACTA.
  • Hands-on Capability: Experience directly configuring or managing security tools and a demonstrated ability to write technical documentation from scratch.
  • Leadership: Demonstrated ability to manage a direct report and influence cross-functional stakeholders in Legal, HR, and Finance.
  • Must be able to sit for prolonged periods of time at a workstation.
  • Must hold at least one of the following: CISSP, CCSP, CISM, TOGAF, or an equivalent industry-recognized certification.

Responsibilities

  • Regulatory Mapping: Identify and monitor all regulations impacting the organization (including SOX, PCI-DSS, and FACTA). Maintain a risk registry ranking each based on the potential impact of adverse events.
  • Audit Liaison: Serve as the primary IT point of contact for Internal Audit and external auditors, facilitating evidence collection and remediation tracking.
  • Third-Party Risk Management: Maintain a comprehensive inventory of vendors sharing company data; track and enforce contractual privacy responsibilities and security assessments.
  • Policy Ownership: Draft, implement, and perform annual reviews of all information security policies, standards, and procedures.
  • Three-Year Security Roadmap: Lead the execution of the multi-year IT security hardening plan.
  • Managed Services Oversight: Own the relationship with the Managed Security Services Provider (MSSP), ensuring high performance, accurate alerting, and continuous monitoring.
  • Change Control: Own the IT Change Control process to ensure that all impacts are considered for infrastructure and application updates.
  • Security Awareness: Manage the relationship with our Security Awareness training provider to foster a culture of security across the organization.
  • Incident Response (IR): Collaborate with Legal, Finance, and Executive leadership to revamp the corporate IR Plan. Lead regular IR simulations and tabletop exercises.
  • BC/DR: Develop and maintain the Business Continuity and Disaster Recovery plans, ensuring technical recovery capabilities align with business requirements.

Benefits

  • Health, Dental & Vision Insurance
  • Employer-Paid Life and Short-Term Disability Insurance
  • Employee discounts on products and services
  • Opportunities for growth