
Senior Manager, Information Security Governance, Risk & Compliance
Posted 6 days ago

This is a fully remote position, open to applicants in Florida.
• Oversee a team of risk, compliance, and privacy specialists who collaborate with global technology teams and business leaders to implement Ryder’s Information Security Management System.
• Direct the creation and continuous management of unified control and risk management frameworks for assessing the organization's security posture, tailored to industry standards, regulatory requirements, and customer expectations.
• Act as a reliable partner to educate and engage with stakeholders in Corporate Compliance, Enterprise Risk Management, Internal Audit, Physical Security and Safety, Legal, and IT on information security and risk management best practices.
• Spearhead the formulation and ongoing administration of global information security policies and corporate standards across the organization that are in line with industry guidelines and promote effective strategies to mitigate security risks.
• Lead the establishment and management of a global third-party risk management program to regularly assess new and existing vendors based on their significance to the business.
• Oversee the creation and administration of a global information security customer compliance program designed to streamline processes for addressing customer inquiries regarding information security attestations, audits, on-site assessments, and rectification of security issues.
• Direct the development and management of a contemporary, engaging global information security training and awareness initiative aimed at providing continuous information security education across all organizational levels.
• Guide the creation and management of an IT enterprise risk register to effectively catalog, manage, communicate, and evaluate global IT risks.
• A Bachelor's degree in Information Security, Computer Science, a related field, or equivalent professional experience is required.
• A minimum of eight (8) years of experience in the Information/Cyber Security field is required.
• At least eight (8) years of experience as a lead information systems compliance auditor is mandatory.
• A minimum of eight (8) years of experience implementing and supporting systems that utilize industry-standard frameworks and/or best practices (e.g., NIST, ISO 27001 and 27002, Cloud Security Alliance, etc.) is required.
• Eight (8) years or more in a comparable management role or leading/supervising technical teams is necessary.
• Advanced knowledge of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR, and other global regulations is required.
• Experience in analyzing risk management findings, prioritizing vulnerabilities, threat modeling, and developing mitigation strategies is essential.
• Risk, Privacy, or Security Certification (CISSP, CCSK, CCSP, PCSM) is preferred.
• Comprehensive health and welfare benefits.
• Options for medical, prescription, dental, vision, life insurance, and disability insurance.
• Paid time off for vacation, illness, bereavement, family, and parental leave.
• A tax-advantaged 401(k) retirement savings plan.