IT Manager, Security Compliance

K

Job Overview

Due to an upcoming retirement, we are hiring an IT Manager of Security Compliance. The Security Compliance Manager’s primary role will be to lead governance, risk management, and compliance (GRC) initiatives within our growing security program. This role will be pivotal in building and maintaining the governance framework, ensuring adherence to security standards, and leading key risk management processes for our organization, which supports over 14,000 IT users globally.

Key Job Responsibilities

Governance

· Support Cybersecurity Governance Committees by providing guidance, reporting, and action plans to meet organizational objectives.
· Develop and maintain IT security policies, standards, and procedures that align with CIS controls and regulatory requirements.
· Lead the implementation and up-keep of the organization's incident response plan to ensure quick, effective action in the event of a security breach.
· Collaborate with IT teams to manage and secure platforms such as O365, Azure, and Operational Technology (OT) systems.
· Oversee the preparation and completion of security questionnaire responses for clients and partners.

Risk Management
· Enhance the existing Cybersecurity Awareness Program, leveraging tools like KnowBe4, to educate employees and reduce organizational risk.
· Coordinate and lead the organization's Threat Risk Assessments (TRAs), ensuring alignment with industry best practices.
· Drive security posture maturity by implementing and monitoring security initiative projects.
· Support HR and Legal Teams in addressing insider threats and other security concerns.
· Oversee vulnerability management programs to ensure timely patching and mitigation of risks across IT and OT environments.

Compliance 
· Manage and prepare for SOC2 certification efforts, aligning processes with CIS and other regulatory standards. 
· Support audit requests, including preparation for cyber insurance assessments and compliance with privacy regulations (e.g., GDPR, CCPA). 
· Provide compliance-related reporting to our parent company - Komatsu Limited (KLTD) - metrics, incident reporting, and tool usage analysis. 
· Collaborate with Legal and IT teams to ensure compliance with data privacy regulations and support e-discovery efforts.

Qualifications/Requirements

• Bachelor’s degree in the IT/Information Security/Technology/legal or related field
•  7+ years of experience in Information Security and/or Data Privacy Compliance positions including 3+ years of prior people management
•  Expertise in cybersecurity practice and compliance standards, eg. CIS, ISO27K, SOC1/2, SSAE 18, NIST CSF and PCI DSS is highly desirable
•  Strong understanding of data privacy regulations eg. CCPA, GDPR, PIPEDA, UK DPA and Privacy Shield
•  Strong understanding and experience in enabling GRC solutions and common control framework for cybersecurity and data regulations
•  Certification(s) Preferred: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), CISA, CISM
•  Excellent project management and process improvement skills
•  Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks
•  Excellent communication, interpersonal skills, especially the translation of cybersecurity and privacy concepts to all levels of the organization.
•  Detail oriented, with a strong sense of accountability and a proactive mindset
•  Demonstrated experience leading small teams and influencing broader organizational change.
•  Strong analytical and problem-solving skills.
•  Ability to navigate ambiguity and prioritize competing demands in a fast-paced environment

Additional Information

K

Hiring Range 

At Komatsu, your base pay is one part of your total compensation package. This role pays $[[129,000-161,000]] annually. The actual offer will consider a wide range of factors, including experience and location.

k

Diversity & Inclusion Commitment 

At Komatsu we come from diverse backgrounds, with unique perspectives, experiences, and contributions.  We are committed to creating a workforce that is reflective of the communities we work and live in. We believe that our people are part of our shared purpose.  We are authentic, ambitious, and innovative in our pursuit of Diversity & Inclusion.  United, we are on a journey towards a sustainable future that creates value together.  

If you want to learn more about Komatsu, please visit our website at https://www.komatsu.com/ 

k

Company Information 

Komatsu is a world leader in manufacturing construction, mining, forestry, and industrial heavy equipment.  Founded in 1921, Komatsu has a long history of quality, reliability, innovation, and excellence.  Headquartered in Tokyo, Japan, Komatsu facilities, distributors and dealers are in more than 140 countries and employ more than 60,000 people.  Komatsu offers a diverse and challenging work environment, where you can grow your skills and career, and contribute to a sustainable, clean-energy future.  If you are looking for a company that values your talent and potential, be a part of something big and join a team that is shaping the world! 

k

EEO Statement 

Komatsu is an Equal Opportunity Workplace and an Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. 

k