Security & Privacy Manager - KNA

About The Position

Requirements

• Bachelor's degree in information security, Privacy Engineering, Computer Science, or related field preferred:
• With degree: 8+ years of relevant experience, including 3+ years in a leadership role.
• In lieu of degree: 12+ years of relevant experience.
• Deep knowledge of U.S. and international privacy and cybersecurity regulations.
• Proven experience leading security, privacy, and GRC programs and managing technical teams.
• Expertise in privacy management platforms (e.g., OneTrust), GRC tools, vulnerability management, and cloud environments.
• Strong leadership, communication, and strategic planning skills.

Responsibilities

• Define and execute Kubota's enterprise security and privacy strategy, ensuring alignment with global regulations and corporate objectives.
• Lead and manage Privacy Engineering and GRC teams, including hiring, mentoring, and performance development.
• Serve as the primary escalation point for security and privacy compliance inquiries and strategic initiatives.
• Develop, implement, and manage security and privacy policies, standards, and procedures across the organization.
• Champion enterprise-wide adoption of privacy-by-design and security-by-design principles.
• Interpret and operationalize complex privacy and cybersecurity regulations (GDPR, CPRA, CDPA, NYDFS, FISMA, PCI DSS, SOX) across business units.
• Ensure compliance with frameworks such as NIST Cybersecurity Framework, NIST Privacy Framework, ISO/IEC 27001, and ISO/IEC 27701.
• Monitor regulatory changes and proactively assess organizational impact.
• Direct the configuration, integration, and optimization of privacy and GRC platforms (e.g., OneTrust, ZenGRC, Workiva).
• Oversee enterprise solutions for consent management, vulnerability tracking, and automated compliance workflows.
• Collaborate with IT and Security teams to embed privacy and GRC tooling into cloud and on-prem environments.
• Establish and manage third-party risk programs, including privacy and cybersecurity assessments, contract reviews, and compliance monitoring.
• Develop vendor risk scoring models and dashboards for executive reporting.
• Partner with Legal and Procurement to enforce privacy and security clauses in vendor engagements.
• Oversee vulnerability management processes across privacy and cybersecurity systems.
• Collaborate with the affiliates to ensure timely identification, prioritization, and remediation of vulnerabilities.
• Implement continuous monitoring and reporting of vulnerability status to leadership.
• Integrate cybersecurity risk management into Kubota's business processes.
• Develop and maintain risk registers, control libraries, and compliance dashboards for security and privacy.
• Partner with Internal Audit and Kubota Japan to ensure alignment with corporate governance standards.
• Provide executive-level reporting for affiliate security manages of cybersecurity risks, mitigation strategies, and compliance posture.
• Develop, implement, and manage Kubota's Security Awareness Program to educate employees on cybersecurity best practices.
• Create engaging training content and campaigns to reduce human risk factors (e.g., phishing, social engineering).
• Measure program effectiveness through metrics, reporting, and continuous improvement initiatives.
• Collaborate with HR and Communications to ensure cultural alignment.
• Design and deliver advanced security and privacy training for technical and non-technical audiences.
• Promote awareness through strategic communication and organizational engagement.
• Act as a thought leader and advocate for security and privacy across Kubota's North American operations.
• Provide executive-level reporting on security and privacy metrics, risks, and progress of remediation.
• Support enterprise compliance and risk management initiatives as assigned.