Senior Manager, Security Governance

Pattern Energy Group LP
Houston, TX
Hybrid

About The Position

The Sr. Manager, Enterprise Technology Security & Governance is responsible for leading, governing, and maturing the organization’s enterprise security, cyber risk management, and critical infrastructure compliance capabilities. This role provides end-to-end ownership of security operations, identity governance, vulnerability and patch management, and NERC CIP compliance governance, ensuring alignment between regulatory obligations, cyber risk posture, and operational continuity across IT, OT, and cloud environments aligned to industry-standard frameworks such as NIST Cybersecurity Framework (CSF) and NIST 800-53/800-82 where applicable. This is a hands-on senior leadership role requiring a blend of deep technical expertise, regulatory knowledge, and the ability to establish strong governance, policy, and accountability frameworks. The role operates at the intersection of cybersecurity, critical infrastructure operations, and compliance, serving as a key advisor to executive leadership on security risk and NERC CIP readiness. The ideal candidate has experience operating in regulated, mission-critical environments—preferably energy, utilities, or renewables—and can balance security rigor with business and operational realities.

Requirements

  • 10+ years of experience across cybersecurity, enterprise IT, infrastructure, or OT environments, with demonstrated management of one or more of the following: Security operations, vulnerability management, and patching; Identity and access management (IAM) and privileged access management; Governance, Risk, and Compliance (GRC)
  • 5+ years of people leadership experience, including hiring, performance management, and development of technical teams
  • Demonstrated experience supporting and governing NERC CIP compliance, including: Asset and system classification; Patch management and vulnerability remediation; Access control, identity governance, and evidence management; Audit preparation, regulatory inquiries, and remediation tracking
  • Familiarity with and practical application of NIST Cybersecurity Framework (CSF), NIST 800-53, and/or NIST 800-82 in enterprise or critical infrastructure environments
  • Demonstrated experience mapping regulatory requirements (e.g., NERC CIP) to NIST frameworks and using NIST to drive control maturity and risk-based prioritization
  • Strong technical and governance knowledge of: Cybersecurity governance, risk management, and compliance frameworks; Patch management tools and enterprise remediation programs; Vulnerability assessment, risk scoring, and remediation lifecycle; Identity and access management (IAM), RBAC, and least privilege models; Logging, monitoring, and control evidence collection
  • Experience working in regulated or critical infrastructure environments
  • Proven ability to translate regulatory and technical risk into business and operational impact
  • Strong communication and stakeholder management skills across technical, operational, and executive audiences

Responsibilities

  • Establish and operate enterprise governance aligned to NIST Cybersecurity Framework (CSF) and NERC CIP, including control mapping, maturity assessment, and consistent execution across IT, OT, and cloud environments
  • Develop and maintain a NIST-aligned security maturity roadmap, using NIST CSF or 800-53 to assess current state, define target state, and prioritize risk-based improvements
  • Oversee and continuously improve incident response and cyber crisis management capabilities, including tabletop exercises and post-incident reviews
  • Partner with security operations to ensure detection and response capabilities align with enterprise risk tolerance
  • Define, maintain, and enforce security, access control, patching, and vulnerability management policies, standards, and procedures
  • Serve as a primary security and compliance authority during NERC CIP audits, assessments, and regulatory engagements
  • Ensure audit readiness through strong documentation, logging, evidence collection, and control validation
  • Develop and execute a multi-year security and compliance roadmap aligned with business priorities, regulatory requirements, and risk posture
  • Track compliance risks, remediation commitments, and control effectiveness, escalating issues as needed
  • Establish and govern third-party cyber risk management, including vendor assessments, access controls, and ongoing monitoring
  • Own IAM and identity governance programs, including RBAC, least privilege enforcement, separation of duties, and periodic access certifications
  • Ensure access control processes integrate with compliance, audit, and security monitoring requirements
  • Partner with HR, infrastructure, OT, and cloud teams to ensure secure and compliant onboarding, offboarding, and role changes
  • Collaborate closely with infrastructure, OT, cloud, security operations, legal, compliance, and internal audit teams to reduce cyber and compliance risk
  • Act as a bridge between technical execution teams and executive leadership
  • Translate technical vulnerabilities and compliance gaps into clear, business-focused risk narratives
  • Coach, mentor, and develop a high-performing team through clear goals, feedback, and career development
  • Identify capability gaps and build sustainable processes rather than single-point technical dependencies
  • Evaluate and implement tools and technologies that improve security posture, compliance maturity, and operational efficiency

Benefits

  • medical
  • dental
  • vision
  • short and long-term disability
  • life insurance
  • voluntary benefits
  • family care benefits
  • employee assistance program
  • paid time off and bonding leave
  • paid holidays
  • 401(k)/RRSP retirement savings plan with employer contribution
  • employee referral bonuses