Job Overview

Are you passionate about building strong, scalable security programs that truly make an impact? We are seeking an IT Manager of Security Compliance to play a critical leadership role in advancing our global security program. In this role, you will lead governance, risk management, and compliance (GRC) initiatives, shaping and sustaining a robust governance framework that protects our organization and its people. You’ll partner closely with cross-functional teams to ensure alignment with security standards and drive key risk management processes across an environment supporting more than 14,000 IT users worldwide.

Key Job Responsibilities

Governance

· Support Cybersecurity Governance Committees by providing guidance, reporting, and action plans to meet organizational objectives.
· Develop and maintain IT security policies, standards, and procedures that align with CIS controls and regulatory requirements.
· Lead the implementation and up-keep of the organization's incident response plan to ensure quick, effective action in the event of a security breach.
· Collaborate with IT teams to manage and secure platforms such as O365, Azure, and Operational Technology (OT) systems.
· Oversee the preparation and completion of security questionnaire responses for clients and partners.

Risk Management
· Enhance the existing Cybersecurity Awareness Program, leveraging tools like KnowBe4, to educate employees and reduce organizational risk.
· Coordinate and lead the organization's Threat Risk Assessments (TRAs), ensuring alignment with industry best practices.
· Drive security posture maturity by implementing and monitoring security initiative projects.
· Support HR and Legal Teams in addressing insider threats and other security concerns.
· Oversee vulnerability management programs to ensure timely patching and mitigation of risks across IT and OT environments.

Compliance 
· Manage and prepare for SOC2 certification efforts, aligning processes with CIS and other regulatory standards. 
· Support audit requests, including preparation for cyber insurance assessments and compliance with privacy regulations (e.g., GDPR, CCPA). 
· Provide compliance-related reporting to our parent company - Komatsu Limited (KLTD) - metrics, incident reporting, and tool usage analysis. 
· Collaborate with Legal and IT teams to ensure compliance with data privacy regulations and support e-discovery efforts.

Qualifications/Requirements

• Bachelor’s degree in the IT/Information Security/Technology/legal or related field
•  7+ years of experience in Information Security and/or Data Privacy Compliance positions including 3+ years of prior people management
•  Expertise in cybersecurity practice and compliance standards, eg. CIS, ISO27K, SOC1/2, SSAE 18, NIST CSF and PCI DSS is highly desirable
•  Strong understanding of data privacy regulations eg. CCPA, GDPR, PIPEDA, UK DPA and Privacy Shield
•  Strong understanding and experience in enabling GRC solutions and common control framework for cybersecurity and data regulations
•  Certification(s) Preferred: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), CISA, CISM
•  Excellent project management and process improvement skills
•  Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks
•  Excellent communication, interpersonal skills, especially the translation of cybersecurity and privacy concepts to all levels of the organization.
•  Detail oriented, with a strong sense of accountability and a proactive mindset
•  Demonstrated experience leading small teams and influencing broader organizational change.
•  Strong analytical and problem-solving skills.
•  Ability to navigate ambiguity and prioritize competing demands in a fast-paced environment

Additional Information