Security & IT Support Manager

CSP

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in IT, Computer Science, Cybersecurity, or equivalent experience
  • 7+ years of IT and information security experience with 3+ years in management
  • Experience with TISAX, ISO 27001, and SOX audits
  • Track record of leading full lifecycle security incident responses
  • Experience managing end-to-end IT projects across multiple sites
  • Understanding of ITIL-based change and service management processes
  • Strong communication and stakeholder management skills

Responsibilities

  • Lead internal and external security audits and manage evidence collection
  • Develop and enforce information security policies and drive remediation efforts
  • Track audit findings and report to senior leadership
  • Serve as the escalation point for security incidents and manage response
  • Maintain and conduct exercises for the Incident Response Plan
  • Set technology direction as regional IT advisory authority
  • Oversee the IT change management process and assess impacts of changes

Benefits

  • Opportunities for professional development and training
  • Collaborative work environment
  • Travel opportunities for site assessments and stakeholder engagement
  • Access to cutting-edge security and IT technologies
  • Comprehensive support structure across multiple sites

Full Job Description

Security Audits & Compliance

  • Lead all internal and external security audits including TISAX, ISO 27001/27701, and SOX; coordinate with auditors and manage evidence collection
  • Develop and enforce information security policies and procedures; conduct gap analyses and drive remediation roadmaps
  • Track audit findings and report remediation status to senior leadership on a regular cadence

Security Incident Management

  • Serve as the primary escalation point for security incidents, leading end-to-end response from detection through recovery
  • Maintain the Incident Response Plan (IRP), conduct tabletop exercises, and perform root cause analysis to prevent recurrence
  • Coordinate with Legal, HR, Operations, and external parties as required; maintain logs of incidents and relevant threat intelligence

Regional IT Leadership, Advisory & Project Management

  • Act as the regional IT advisory authority, setting technology direction, driving standardization, and assisting leadership with strategic and tactical IT planning across all sites
  • Lead and manage IT projects from initiation through delivery — including requirements definition, resource planning, milestone tracking, and stakeholder communication — ensuring on-time, on-budget execution
  • Mentor and develop regional IT team members; delegate work, review performance, and build team capabilities
  • Provide second-level support for corporate applications and serve as the senior escalation point for complex technical issues

Change Management

  • Oversee the IT change management process; chair Change Advisory Board (CAB) meetings and ensure all changes follow an approved, risk-assessed workflow
  • Assess the security impact of proposed changes, verify rollback plans are in place, and communicate impacts to affected business units

IT Service Management

  • Manage and optimize the ITSM ticketing platform; define and enforce SLAs, monitor performance metrics, and drive continuous improvement in resolution times
  • Produce regular reporting on ticket volumes, trends, and team performance for IT leadership

Multi-Site IT Support & Team Leadership

  • Manage IT support across all assigned sites; travel approximately 25% domestically to conduct audits, lead training, and maintain stakeholder relationships
  • Hire, mentor, and develop IT support staff; collaborate with site leads to align IT capabilities with local business needs

Security Awareness & Training

  • Design and manage a company-wide security awareness program including phishing simulations, role-based training, and secure behavior campaigns
  • Track completion rates and phishing results; report trends to leadership and champion a security-first culture across all sites

Vendor & Third-Party Risk Management

  • Own the third-party risk program; assess vendor compliance (SOC 2, ISO 27001), negotiate security requirements into contracts, and monitor for incidents or breaches
  • Maintain an up-to-date vendor inventory with risk ratings and review schedules; collaborate with Procurement and Legal on due diligence

Access & Identity Management

  • Govern IAM policies including least-privilege, RBAC, and user lifecycle management; oversee periodic access reviews and PAM controls
  • Manage MFA enforcement across the enterprise; oversee provisioning and de-provisioning during onboarding and offboarding

Business Continuity & Disaster Recovery (BC/DR)

  • Develop, maintain, and test the BCP and DRP; coordinate annual BC/DR exercises across all sites and drive improvement actions from outcomes
  • Ensure backup, replication, and failover configurations meet RTO/RPO targets; keep all runbooks and contact directories current

REQUIRED QUALIFICATIONS
  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field (or equivalent experience)
  • 7+ years of progressive IT and information security experience, with at least 3 years in a management or regional IT leadership role
  • Demonstrated experience managing TISAX, ISO 27001, and SOX audits and compliance programs
  • Proven track record leading security incident response through full lifecycle, including post-incident reviews
  • Experience managing IT projects end-to-end across multiple sites, including scope, budget, and stakeholder management
  • Solid understanding of ITIL-based change and service management processes; hands-on experience with ITSM platforms (e.g., ServiceNow, Jira Service Management)
  • Strong communication, documentation, and stakeholder management skills; ability to translate technical concepts for non-technical audiences
  • Ability to travel domestically approximately 25%

PREFERRED QUALIFICATIONS
  • Certifications such as CISSP, CISM, ISO 27001 Lead Auditor, CISA, or CompTIA Security+; ITIL Foundation or higher
  • Experience in automotive, manufacturing, or regulated industry environments, including ERP and plant floor systems
  • Familiarity with vulnerability management tools, SIEM platforms, and endpoint security solutions
  • Demonstrated success in strategic IT planning, budgeting, and goal attainment in a multi-site environment
