Lead the development, maintenance, and enforcement of a comprehensive cybersecurity policy framework
Translate complex regulatory requirements into actionable, auditable operating procedures for IT and other teams
Manage the cybersecurity budget, optimizing security to value across talent, tooling, and third party services
Direct implementation and continuous review of global and sectoral mandates, including GDPR, PCI DSS, DFARS/CMMC, CCPA/CPRA, and SOX
Engage with external vendors and auditors on matters of cybersecurity oversight and assurance
Convert qualitative technical risks into quantified business impacts to inform prioritization and investment
Develop and maintain the Enterprise Cyber Risk Register and integrate it with the broader ERM framework
Establish and report KRIs and KPIs to the Board and Executive Leadership; enforce the enterprise risk appetite across initiatives
Manage the end to end lifecycle of vendor security—from pre contract due diligence to continuous monitoring of critical SaaS and infrastructure partners
Lead the red team, penetration testing, and cyber maturity assessment programs
Design and deliver high impact training that goes beyond “check the box” compliance to build true security ownership across the workforce

CRISC, CGEIT, CISM, or CISA required
CISSP preferred
10+ years in Cybersecurity, with at least 5 years in a leadership role managing complex GRC (Gov, Risk Mgt & Comp) functions
Deep familiarity with the NIST Cybersecurity Framework , ISO 27001, and the legal nuances of international data transfer
Experience with GDPR, CMMC readiness and certification efforts, secure handling of Controlled Unclassified Information (CUI), DFARS compliance and incident reporting protocols
Occasional travel
Respond to incidents in off-hours
Candidate will be hired as a Senior Manager or Manager depending upon experience and qualifications

Senior Manager – Cybersecurity Governance, Risk Management & Compliance

Key skills