Senior Manager, Information Security Governance, Risk & Compliance

About The Position

Requirements

• Bachelor's degree required Information Security, Computer Science, related field, or equivalent work experience
• Eight (8) years or more Experience in Information/Cyber Security field required
• Eight (8) years or more Experience as a lead information systems compliance auditor required
• Eight (8) years or more Experience in implementing and supporting systems utilizing industry standard frameworks and/or best practices (e.g. NIST, ISO 27001 and 27002, Cloud Security Alliance, etc.) required
• Eight (8) years or more in a similar management position or leading/supervising technical teams required
• Familiarity of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR and global regulations advanced required
• Experience in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategy advanced required

Nice To Haves

• Master's degree preferred Information Security, Computer Science, or related field
• Risk, Privacy, or Security Certification (CISSP, CCSK, CCSP, PCSM)
• Other Information Security or industry technology certifications

Responsibilities

• Lead a team of risk, compliance, and privacy experts who partner with global technology teams and business leaders in the execution of Ryder’s Information Security Management System.
• Lead the development and ongoing management of common control and risk management frameworks for measuring the organizational security posture based on industry, regulatory, and customer needs.
• Serve as a trusted partner to educate and collaborate on information security and risk management best practices with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT.
• Lead the development and ongoing management of global information security policies and corporate standards throughout the organization that align with industry guidance and result in effective methods to reduce security risks.
• Lead the development and management of a global third-party risk management program to evaluate new and existing vendors on a regular basis based on their criticality to the business.
• Lead the development and management of a global information security customer compliance program which facilitates the processes for handling customer requests for information security attestations, audits, on-site reviews, and remediation of security findings.
• Lead the development and management of a modern, engaging, global information security training and awareness program to provide ongoing information security education to all levels of the organization.
• Lead the development and management of an IT enterprise risk register to properly catalog, manage, communicate, and assess global IT risks.
• Provide information security due diligence assistance to global business partners as part of Ryder’s mergers and acquisitions program.
• Performs other duties as assigned.

Benefits

• comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options
• paid time off for vacation, illness, bereavement, family and parental leave
• a tax-advantaged 401(k) retirement savings plan