
Senior Manager – Information Security & Global Compliance
Company Overview
Throughout our worldwide network of experts, clients and communities, we are renowned for our leadership in fire protection engineering – a legacy of responsibility we have proudly upheld since 1939. Today, our expertise extends broadly across closely related security and risk-based fields – from accessibility consulting and risk analysis to process safety, forensic investigations, security risk consulting, emergency management, digital innovation and more.
Our engineers and consultants collaborate to solve complex safety and security challenges, ensuring our clients can protect what matters most. For over 80 years, we have helped mitigate risks that threaten lives, property and reputations. Through technology, expertise and industry-leading research, we remain dedicated to our purpose of making our world safe, secure and resilient.
At Jensen Hughes, we believe that creating and sustaining a culture of trust, integrity and professional growth starts with putting our people first. Our employees are our greatest strength, and we value the unique perspectives and talents they bring to our organization.
Our wide range of Global Employee Networks connect people from across the organization, supporting career development and providing forums for individuals to share experiences on topics they're passionate about. Together, we are cultivating a connected culture where everyone has the opportunity to learn, grow and succeed together.
Job Overview
We are hiring a Senior Manager – Information Security & Global Compliance to drive the organization’s security posture by translating security policies, global compliance requirements, and risk frameworks into actionable execution across IT, Enterprise Applications, Cloud, and Digital teams.
This is a hands-on leadership role that combines technical depth, cross-functional influence, and execution discipline. You will lead security initiatives including vulnerability management, endpoint security, identity governance, and global compliance (CMMC, NIST, regional requirements), ensuring security and compliance are embedded into daily operations—not treated as separate functions.
Responsibilities:
Security strategy & execution:
- Translate security policies and frameworks into practical implementation plans across IT, EA, and Cloud teams
- Drive execution of key initiatives:
  - Vulnerability management
  - Patch compliance
  - Endpoint security
  - Identity & access management
- Establish and enforce security standards across systems and platforms
Global compliance & governance:
- Lead implementation of global compliance frameworks:
  - CMMC
  - NIST 800-171 / NIST CSF
  - Regional regulatory requirements (e.g., GDPR, UK/EU compliance)
- Translate controls into operational processes and technical enforcement
- Ensure audit readiness, evidence collection, and control validation
- Maintain consistency of compliance practices across global teams
Vulnerability & risk management:
- Own vulnerability management program
- Define remediation SLAs and track execution
- Partner with IT, Cloud, and Application teams to drive remediation
- Provide clear reporting on risk posture and trends
Cross-functional leadership:
- Act as the bridge between InfoSec, IT, EA, Cloud, and regional teams
- Drive accountability without direct authority
- Embed security into system design, delivery, and operations
Identity & endpoint security:
- Oversee identity governance and access control models (least privilege, RBAC)
- Ensure endpoint security and system hardening standards are implemented
- Partner with IT to enforce secure configurations
Security & compliance reporting:
- Define and track key metrics:
  - Vulnerability remediation timelines
  - Patch compliance rates
  - Control effectiveness
- Deliver executive-level reporting on global security posture
- Highlight risks, gaps, and remediation progress
- Track and report key security metrics
Vendor security:
- Evaluate vendor security and compliance posture
- Ensure security requirements are included in onboarding and renewals
- Partner with procurement and IT to manage third-party risk
Team leadership:
- Manage and coach a team of 2 InfoSec professionals
- Set priorities and ensure execution of security and compliance initiatives
- Drive accountability, growth, and performance within the team
Requirements (must have):
- 12+ years of experience in Information Security
- Strong hands-on experience in:
  - Vulnerability management in Rapid7
  - Endpoint security and patching
  - Identity and access management
- Proven experience implementing:
  - CMMC
  - NIST 800-171 / NIST CSF
- Experience driving execution across multiple teams and functions
- Strong understanding of IT infrastructure, cloud environments, and enterprise systems
- Experience managing small teams
Preferred qualifications:
- Experience in global organizations with multi-region compliance requirements
- Familiarity with:
  - GDPR or regional data protection laws
  - GCC High / secure enclave environments
- Experience supporting audits and regulatory assessments
- Certifications:
  - CISSP
  - CISM
  - Security+
Key outcomes:
- Measurable improvement in vulnerability remediation timelines
- Improve overall security posture through Policy and Procedures
- Strong, audit-ready compliance posture (CMMC, NIST, global frameworks)
- Clear and consistent executive reporting
- Improved collaboration across IT, Application, Cloud, and Security teams
- Effective development and performance of direct reports
Please note that the salary range provided is a good faith estimate for the position at the time of posting and not a guarantee of compensation. Final compensation may vary based on factors including, but not limited to, responsibilities of the job, education, experience, knowledge, skills and abilities, geographic location, internal equity, and alignment with market data.
Jensen Hughes offers a competitive total rewards package, which includes a retirement plan, healthcare coverage, and a broad range of other benefits. Incentives and/or benefit packages may vary depending on the position and location.
National Pay Range
$160,000 - $180,000 USD
Jensen Hughes is an Equal Opportunity Employer. Qualified candidates will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
At Jensen Hughes, we embrace innovation and understand that people are increasingly using artificial intelligence (AI) tools like ChatGPT and other generative platforms to learn, prepare and communicate. We have provided some guidelines regarding the responsible use of AI in the recruitment process.
The security of your personal data is important to us. Jensen Hughes has implemented reasonable physical, technical, and administrative security standards to protect personal data from loss, misuse, alteration, or destruction. We protect your personal data against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals may access your personal data for the purpose for which it was collected, and these individuals receive training about the importance of protecting personal data. Jensen Hughes is committed to compliance with all relevant data privacy laws in all areas where we do business, including, but not limited to, the GDPR and the CCPA. Additionally, our service providers are contractually bound to maintain the confidentiality of personal data and may not use the information for any unauthorized purpose.
*Policy on use of 3rd party recruiting agency for direct placements
Jensen Hughes will occasionally augment a recruiting search through agencies for certain positions when business conditions warrant. Jensen Hughes will not accept resumes, inquiries or proposals from recruiting agencies as an acceptable method to consider a candidate. 3rd party recruiting agencies must sign a standard Jensen Hughes agreement after being evaluated and accepted by a Human Resources or Talent Acquisition manager, or member of the talent acquisition team. Hiring managers and employees of Jensen Hughes are not authorized to accept resumes, engage in fee-based searches through recruiting firms or sign a search agreement. Please note this policy does not apply to “staffing firms” or firms that are involved with hiring temporary staff. Any recruiting agency interested in being considered may contact our recruiting team at jensenhughesrecruiting.com.
