Sr. Manager of Cybersecurity GRC
Share
Job Location:
Stamford, CT - USA
Monthly Salary:
Not Disclosed
Posted on:
2 days ago
Vacancies:
1 Vacancy
Job Summary
Great company. Great people. Great opportunities.
If youd like the chance to make your mark with the worlds largest equipment rental provider come build your future with United Rentals!
The Sr. Manager of Cybersecurity GRC (Gov Risk Mgt & Comp) is a leader responsible for shaping the firms governance risk compliance and data privacy posture. This role owns the multi-year GRC strategy manages the cybersecurity budget (P&L for the function) and serves as the primary liaison and subject matter expert to executive leadership and the Board. The Sr. Manager aligns security investments with business objectives and leads initiatives that mature people processes and technology to ensure resilience against sophisticated threats while meeting global regulatory requirements.
What youll do:
Policy Procedure and Standards Governance
Lead the development maintenance and enforcement of a comprehensive cybersecurity policy frameworkincluding core policy and sub policies (e.g. Acceptable Use Access Control)aligned to ISO/IEC 27001 NIST 800 53 and company values.
Translate complex regulatory requirements into actionable auditable operating procedures for IT and other teams.
Serve as the organizational Center of Excellence for security standards proactively updating them in anticipation of emerging mandates and industry trends.
Strategic Planning & Budgeting
Own the multi-year cybersecurity roadmap and align investments to enterprise strategy justifying capital and operational expenditures to leadership.
Manage the cybersecurity budget optimizing security to value across talent tooling and third party services.
Compliance & Data Privacy
Direct implementation and continuous review of global and sectoral mandates including GDPR PCI DSS DFARS/CMMC CCPA/CPRA and SOX.
Engage with external vendors and auditors on matters of cybersecurity oversight and assurance.
Risk Management & Reporting
Convert qualitative technical risks into quantified business impacts to inform prioritization and investment.
Develop and maintain the Enterprise Cyber Risk Register and integrate it with the broader ERM framework.
Establish and report KRIs and KPIs to the Board and Executive Leadership; enforce the enterprise risk appetite across initiatives.
Provide balanced governance to ensure speed to market does not compromise security integrity.
Third-Party & Vendor Risk Management (TPRM)
Manage the end to end lifecycle of vendor securityfrom pre contract due diligence to continuous monitoring of critical SaaS and infrastructure partners.
Partner with Legal and Procurement to ensure robust security and privacy terms including indemnification in third party agreements.
Adversarial Readiness & Incident Response
Lead the red team penetration testing and cyber maturity assessment programs.
Serve as a key member of the incident response command structure with emphasis on regulatory and crisis workstreams during a breach.
Security Culture & Awareness
Design and deliver high impact training that goes beyond check the box compliance to build true security ownership across the workforce.
Run advanced phishing and social engineering simulations to continuously test and enhance resilience.
Promote a culture of cyber awareness and compliance.
Data Privacy and Data Loss Prevention (DLP)
Define the enterprise strategy for data classification tagging tracking and handling.
People Leadership & Organizational Development
Direct mentor and develop teams.
Establish goals performance expectations and development plans; build succession capability.
Foster a culture of collaboration accountability and continuous improvement.
Other duties as assigned.
Requirements:
Education/Certifications: CISSP CISM or CISA required. CRISC CGEIT preferred
10 years in Cybersecurity with at least 5 years in a leadership role managing complex GRC (Gov Risk Mgt & Comp) functions
Deep familiarity with the NIST Cybersecurity Framework ISO 27001 and the legal nuances of international data transfer
Experience with CMMC readiness and certification efforts secure handling of Controlled Unclassified Information (CUI) DFARS 252.204-7012 compliance and incident reporting protocols
Office environment; sitting at a desk and working at a computer
Occasional travel
Respond to incidents in off-hours
Candidate will be hired as a Senior Manager or Manager depending upon experience and qualifications
Why join us
We dont just talk the talk! Were an award-winning company (recently named a Glassdoor Best Place to Work in 2026) that truly cares about our people - Thats why we offer best-in-class benefits and perks that will support you and your addition to our health and financial plans we also offer:
Paid Parental Leave
Employee Discount Program
Career Development & Promotional Opportunities
Additional Vacation Buy Up Program (US Only)
Early Wage Access through Payactiv (US Hourly Only)
Paid Sick Leave
An inclusive and welcoming culture
Learn more about our full US benefit offerings here.
United Rentals Inc. is an Equal Opportunity Employer and makes employment decisions regardless of race color religion sex national origin age genetic information citizenship status veteran status sexual orientation gender identity disability or any other status protected by law. If you need a reasonable accommodation at any point of the application process please email for assistance.
At United Rentals we proudly hire active duty members veterans reservists and their families. The values that define your serviceleadership discipline integrity and teamworkare the same values that drive our success. With many veterans already part of our team were ready to help you transition into a rewardingcareer.
United Rentals consists of a wide variety of roles with different duties and responsibilities. The actual pay rate offered to candidates varies depending upon a wide range of factors including specific position location education training experience skills and ability.
Required Experience:
Manager
