Cybersecurity Program Manager
State College, Pennsylvania, United States | Full-Time | Manager | Product / Project
Position Summary
- Support, develop, and continuously improve Minitab’s global Information Security Management System (ISMS). Contribute to the full lifecycle of the ISO 27001-certified program, including policy development, risk management, compliance oversight, audit coordination, third-party risk management, incident response, and business continuity.
- Partner cross-functionally to ensure security governance is embedded throughout business operations and aligned with organizational objectives.
Lead and Maintain the Information Security Management System
- Direct and support programs, policies, and daily practices to ensure continued compliance with ISO 27001
- Maintain alignment with privacy, legal, HR, operational, and reporting obligations
- Support governance oversight, corrective action planning, and continuous improvement initiatives
- Contribute to change management efforts, including integration of newly acquired entities
Manage Risk, Compliance, and Regulatory Alignment
- Monitor and interpret relevant cybersecurity laws, regulations, and industry frameworks
- Perform information security risk assessments and evaluate control environments
- Develop remediation plans and collaborate with IT, Operations, HR, Legal, Risk Management, and senior leadership to implement corrective actions
- Maintain documentation to support regulatory and audit requirements
Oversee Third-Party Risk and Customer Security Engagement
- Respond to customer security questionnaires and due diligence requests
- Conduct and manage vendor risk assessments
- Maintain documentation required for contractual and regulatory compliance
Support Incident Response and Business Continuity
- Participate in business continuity planning activities
- Support incident response efforts and post-incident reviews
- Assess operational impact of cybersecurity incidents and contribute to mitigation and recovery planning
Develop Security Awareness and Organizational Training
- Develop and maintain the company’s security awareness and training program
- Promote a culture of cybersecurity and privacy awareness across the enterprise
Qualifications
- 5+ years of experience working with Information Security Management Systems (ISMS), including ISO 27001 or similar frameworks; Big 4 consulting experience highly desired
- Bachelor’s degree in a related field preferred; equivalent experience will be considered
- Familiarity with cybersecurity frameworks and Risk Management Framework (RMF)
- Knowledge of cybersecurity and privacy laws, regulations, and compliance standards
- Experience conducting security risk assessments and developing remediation plans
- Strong technical writing, analytical, and governance skills
- Project management experience preferred
- Relevant certifications such as CISSP, CISM, or equivalent are a plus
- Fluent in English (read, write, speak)
- Ability to work on-site daily or remotely with regular travel to company offices as required
Our Benefits:
- To be considered for this role, you must be legally authorized to work in the United States and not require sponsorship for employment now or in the future.
- Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
- Job application remains open until filled.
