About The Position

TAMKO is seeking a Senior Manager, Security Operations & GRC, to lead the daily security operations, compliance, and SAP security functions within the Cybersecurity organization. This position is being created in response to the growing maturity, scale and complexity of TAMKO's security program across corporate and manufacturing facilities. Reporting directly to the CISO, the Senior Manager is accountable for the day-to-day operational health of Security Operations, the enterprise Governance, Risk, and Compliance program, application security administration, entitlements and security assessments. The role partners closely with the Cyber Engineering function — which owns strategy, architecture, threat hunting, digital forensics, detection engineering, and AI cyber capabilities — to ensure a seamless handoff between engineered capability and operational execution. This is a working-leader role that combines hands-on program ownership with multi-team leadership. The Senior Manager is expected to drive measurable outcomes against the NIST Cybersecurity Framework (CSF 2.0) and CIS Controls v8.1, translate technical risk posture into executive-ready narratives for the CIO and Executive Leadership Team, and serve as a senior escalation point for audit findings and risk exceptions impacting IT, OT, and SAP environments.

Requirements

  • Bachelor's degree in Information Systems, Computer Science, Cybersecurity, Engineering, or a related discipline — or equivalent demonstrated experience.
  • Minimum 15 years of progressive experience in cybersecurity or GRC roles, with at least 10 years in a people-leadership role managing security operations and/or GRC functions.
  • Preferred: experience operating a SOC or MDR relationship, including alert triage, incident response coordination, and executive communication during active incidents.
  • Hands-on working knowledge of the NIST Cybersecurity Framework and CIS Controls v8.1, and a modern risk management methodology; exposure to NIST AI RMF strongly preferred.
  • Experience governing application security, including segregation of duties and privileged access management.
  • Preferred: proven ability to lead cybersecurity programs in an OT-intensive environment — ideally manufacturing, process industries, or critical infrastructure — including coordination with plant operations leadership.
  • Strong written and verbal communication skills with demonstrated ability to author executive- and board-level documents.

Nice To Haves

  • Direct experience operationalizing AI governance artifacts (steering committee charters, MCP security protocols, model inventories, or AI RMF control mappings).
  • Experience managing third-party and vendor risk for a privately held manufacturer, including cyber insurance renewal support.
  • Familiarity with privileged access management, Active Directory RBAC hardening, and service account governance at enterprise scale.
  • Experience building and running cybersecurity tabletop exercises for executive audiences.
  • CISSP — Certified Information Systems Security Professional
  • CISA – Certified Information Systems Auditor
  • CISM — Certified Information Security Manager
  • CRISC — Certified in Risk and Information Systems Control
  • GIAC GSLC, GCIH, or GSNA
  • SAP Security certification or equivalent demonstrated expertise
  • AI governance credential (e.g., IAPP AIGP) — emerging preference

Responsibilities

  • Security operations run state: monitoring, alert triage, initial investigation, incident response coordination, and lifecycle management of security operations tooling.
  • Governance, Risk, and Compliance program execution — policy, control framework, risk register, audit, and vendor risk.
  • Business critical security administration and access governance.
  • AI governance operations — policy enforcement, steering committee administration, and control evidence.
  • Executive-facing reporting and communication for the SecOps & GRC pillar.
  • Own the end-to-end operational security operations lifecycle: monitoring, alert triage, escalation, incident response coordination, containment support, and post-incident reporting across IT and OT environments.
  • Manage the operational posture of the visibility program, driving remediation closure across severity tiers in coordination with other teams.
  • Coordinate incident response activities, engaging Cyber Engineering for forensic depth and external partners (IR retainer, legal, insurance) as warranted.
  • Be responsible for the cybersecurity tabletop exercise program and translate findings into runbook, control, and process improvements.
  • Operate TAMKO's GRC program against common security frameworks, including the control inventory, evidence collection cadence, and executive scorecard.
  • Manage third-party and vendor risk assessments, including datacenter and infrastructure due-diligence reviews, SaaS security questionnaires, and contractual security terms.
  • Own the enterprise cyber and technology risk register; facilitate quarterly risk reviews and coordinate risk acceptance decisions through the Information Security Steering Committee (ISSC).
  • Lead internal audit readiness and remediation activities, including evidence packaging for cyber insurance renewal and customer-driven assessments.
  • Maintain the cybersecurity policy and standard library, driving an annual review cycle and ensuring alignment between published standards and operational reality.
  • Operationalize TAMKO's AI governance framework.
  • Facilitate the enterprise inventory of approved, watch-listed, and prohibited AI platforms and models; route material changes through the AISC in partnership with Cyber Engineering's technical AI risk review.
  • Execute the minimum viable control set derived from common security frameworks, producing evidence deliverables and reporting control coverage to the CISO on a defined cadence.
  • Oversee security administration and role design in partnership with the business owners, ensuring segregation of duties (SoD) and least-privilege across relevant application environments.
  • Govern privileged access to relevant systems, including firefighter/emergency access procedures, quarterly user access reviews, and audit-ready evidence of SoD remediation.
  • Coordinate with Finance, Internal Audit, and business critical application functional teams on control testing.
  • Build, lead, coach, and develop a multidisciplinary team spanning SecOps, GRC, and business application security; set quarterly objectives tied to the cybersecurity strategic roadmap.
  • Run performance management with clear accountability standards — including structured improvement plans when warranted — and invest in the career growth of high performers.
  • Build and maintain an on-call and response posture that is resilient to single points of failure, including remote staff.
  • Establish a culture of documentation, runbook rigor, and post-incident learning across the pillar.
  • Contribute weekly content to the CISO's executive leadership update (Security Ops & GRC sections) in the established format for CIO distribution.
  • Produce board- and CIO-ready deliverables: control scorecards, incident after-action reviews (AARs), risk briefs, and program status decks.
  • Represent the SecOps & GRC pillar in the AI Steering Committee, Information Security Steering Committee, and cross-functional operational resilience forums.
  • Translate technical posture into business language for the CEO, CFO, General Counsel, and ELT — particularly around AI risk, OT/IT convergence, and cyber insurance posture.

Benefits

  • Competitive wages
  • Group Health and Life Insurance
  • Vision and Dental Insurance
  • Flexible Benefits Plan
  • 401(k) Retirement Plan with company match
  • Profit Sharing Retirement Plan