Senior Manager – Information Security & Global Compliance

About The Position

Requirements

• 12+ years of experience in Information Security
• Strong hands-on experience in: Vulnerability management in Rapid7, Endpoint security and patching, Identity and access management
• Proven experience implementing: CMMC, NIST 800-171 / NIST CSF
• Experience driving execution across multiple teams and functions
• Strong understanding of IT infrastructure, cloud environments, and enterprise systems
• Experience managing small teams

Nice To Haves

• Experience in global organizations with multi-region compliance requirements
• Familiarity with: GDPR or regional data protection laws, GCC High / secure enclave environments
• Experience supporting audits and regulatory assessments
• Certifications: CISSP, CISM, Security+

Responsibilities

• Security strategy & execution: Translate security policies and frameworks into practical implementation plans across IT, EA, and Cloud teams
• Drive execution of key initiatives: Vulnerability management, Patch compliance, Endpoint security, Identity & access management
• Establish and enforce security standards across systems and platforms
• Global compliance & governance: Lead implementation of global compliance frameworks: CMMC, NIST 800-171 / NIST CSF, Regional regulatory requirements (e.g., GDPR, UK/EU compliance)
• Translate controls into operational processes and technical enforcement
• Ensure audit readiness, evidence collection, and control validation + Maintain consistency of compliance practices across global teams
• Vulnerability & risk management: Own vulnerability management program
• Define remediation SLAs and track execution
• Partner with IT, Cloud, and Application teams to drive remediation
• Provide clear reporting on risk posture and trends
• Cross-functional leadership: Act as the bridge between InfoSec, IT, EA, Cloud, and regional teams
• Drive accountability without direct authority
• Embed security into system design, delivery, and operations
• Identity & endpoint security: Oversee identity governance and access control models (least privilege, RBAC)
• Ensure endpoint security and system hardening standards are implemented
• Partner with IT to enforce secure configurations
• Security & compliance reporting: Define and track key metrics
• Vulnerability remediation timelines, Patch compliance rates, Control effectiveness
• Deliver executive-level reporting on global security posture
• Highlight risks, gaps, and remediation progress
• Track and report key security metrics
• Vendor security: Evaluate vendor security and compliance posture
• Ensure security requirements are included in onboarding and renewals
• Partner with procurement and IT to manage third-party risk
• Team leadership: Manage and coach a team of 2 InfoSec professionals
• Set priorities and ensure execution of security and compliance initiatives
• Drive accountability, growth, and performance within the team

Benefits

• Jensen Hughes offers a competitive total rewards package, which includes a retirement plan, healthcare coverage, and a broad range of other benefits.
• Incentives and/or benefit packages may vary depending on the position and location.