Senior Manager, Security Governance, Risk & Compliance (Policy, Design & Remediation)

Pay Transparency Statement :

The compensation philosophy reflects the Company’s reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs.

This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.

Position Summary :

The Senior Manager Security Governance Risk & Compliance (GRC Policy, Design & Remediation) will develop and maintain security governance standards and protocols in partnership with other members of the CISO organization, Reyes Holdings IT, and Reyes Family of Business Units in accordance with accepted frameworks incorporating industry practices and applicable compliance requirements.

This role will also need to be able to be a part of the creation of reference architecture that aligns with approved security standards and protocols.

Additionally, this role will oversee the management of a remediation program collaborating with Security GRC compliance group for the prioritization of issues across the CISO organization.

Position Responsibilities may include, but not limited to :

• Develops the security standards and protocols for enterprise security by taking a risk-based approach with the Security GRC Compliance team for the program design
• Collaborates to develop reference architecture that aligns with approved Security protocols and standards for organizational strategy
• Focus on working in partnership with IT business units, external partners, and the business to ensure security protocols and standards are updated periodically to address emerging security threats and comply with relevant regulatory requirements
• Leads one or more committees focused on developing standards content, obtaining feedback and approval, and communicating newly issued or revised standards on the enterprise repository
• Collaborate with cross-functional Enterprise Architecture, Reyes Holdings IT, and Reyes Family of Business Units to integrate security measures into system and application architectures as well as any projects
• Collaborate with Security GRC Compliance to prioritize security vulnerabilities and control deficiencies through regular reporting, assessments, and audits
• Drive and execute remediation strategies to address identified vulnerabilities and control deficiencies in a timely and efficient manner collaborating with the CISO organization, Reyes Holdings IT, and Reyes Family of Business Units.

Report on these remediation strategies by developing reporting metrics, dashboards, and evidence artifacts

• Manages overall direction of functional areas, developing plans and goals, evaluating effectiveness of each area
• Determines staffing requirements, tooling and services required for success in annual budget process
• Other projects or duties as assigned

Required Skills and Experience :

Bachelor’s degree in Computer Science, IT, Engineering, or Security discipline and 8+ years of experience as a technical specialist in Customer-facing roles.

with 5+ years working in the architecture, IT, or cyber security field as well as 4+ years of supervisory experience, OR High School Diploma and 11+ years of the above stated experience and 5+ years of supervisory experience in lieu of a Bachelor’s Degree

• At least five years of prior experience in proven experience in a security role with a focus on standards, policies, remediation, and architecture
• Strong understanding of security frameworks, compliance requirements, and industry standards
• In-depth knowledge of security architecture principles and best practices
• Experience in developing and implementing effective remediation strategies
• Successful in fast paced and quick changing environments
• Excellent leadership and communication skills with the ability to collaborate across
• Ability to generate roadmaps and drive buy-in across complex organization structures
• This job requires the ability to travel 10% on an annual basis
• This position must pass a post-offer background and drug test

Preferred Skills and Experience :

• Master’s degree is preferred
• Relevant certifications such as CISSP, CISM, CISA or similar are highly desirable
• Broad Enterprise systems experience including applications, platforms, and architecture
• Proficient in business capabilities modeling, strategic planning, and business architecture

Physical Demands and Work Environment :

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions.

Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.