Security & IT Support Manager
The Security & IT Support Manager oversees corporate information security, IT compliance, technical support operations, and regional IT leadership across multiple company sites. This role combines hands-on security program management with regional IT advisory responsibilities — setting technology direction, driving standardization, and ensuring high-quality IT service delivery. The ideal candidate brings proven experience with TISAX, ISO 27001, and SOX frameworks, strong leadership skills, and a track record of managing IT environments in the automotive or manufacturing industries.

Hiring Requirements

Security Audits & Compliance
- Lead all internal and external security audits including TISAX, ISO 27001/27701, and SOX; coordinate with auditors and manage evidence collection
- Develop and enforce information security policies and procedures; conduct gap analyses and drive remediation roadmaps
- Track audit findings and report remediation status to senior leadership on a regular cadence

Security Incident Management
- Serve as the primary escalation point for security incidents, leading end-to-end response from detection through recovery
- Maintain the Incident Response Plan (IRP), conduct tabletop exercises, and perform root cause analysis to prevent recurrence
- Coordinate with Legal, HR, Operations, and external parties as required; maintain logs of incidents and relevant threat intelligence

Regional IT Leadership, Advisory & Project Management
- Act as the regional IT advisory authority, setting technology direction, driving standardization, and assisting leadership with strategic and tactical IT planning across all sites
- Lead and manage IT projects from initiation through delivery — including requirements definition, resource planning, milestone tracking, and stakeholder communication — ensuring on-time, on-budget execution
- Mentor and develop regional IT team members; delegate work, review performance, and build team capabilities
- Provide second-level support for corporate applications and serve as the senior escalation point for complex technical issues

Change Management
- Oversee the IT change management process; chair Change Advisory Board (CAB) meetings and ensure all changes follow an approved, risk-assessed workflow
- Assess the security impact of proposed changes, verify rollback plans are in place, and communicate impacts to affected business units

IT Service Management
- Manage and optimize the ITSM ticketing platform; define and enforce SLAs, monitor performance metrics, and drive continuous improvement in resolution times
- Produce regular reporting on ticket volumes, trends, and team performance for IT leadership

Multi-Site IT Support & Team Leadership
- Manage IT support across all assigned sites; travel approximately 25% domestically to conduct audits, lead training, and maintain stakeholder relationships
- Hire, mentor, and develop IT support staff; collaborate with site leads to align IT capabilities with local business needs

Security Awareness & Training
- Design and manage a company-wide security awareness program including phishing simulations, role-based training, and secure behavior campaigns
- Track completion rates and phishing results; report trends to leadership and champion a security-first culture across all sites

Vendor & Third-Party Risk Management
- Own the third-party risk program; assess vendor compliance (SOC 2, ISO 27001), negotiate security requirements into contracts, and monitor for incidents or breaches
- Maintain an up-to-date vendor inventory with risk ratings and review schedules; collaborate with Procurement and Legal on due diligence

Access & Identity Management
- Govern IAM policies including least-privilege, RBAC, and user lifecycle management; oversee periodic access reviews and PAM controls
- Manage MFA enforcement across the enterprise; oversee provisioning and de-provisioning during onboarding and offboarding

Business Continuity & Disaster Recovery (BC/DR)
- Develop, maintain, and test the BCP and DRP; coordinate annual BC/DR exercises across all sites and drive improvement actions from outcomes
- Ensure backup, replication, and failover configurations meet RTO/RPO targets; keep all runbooks and contact directories current

REQUIRED QUALIFICATIONS
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field (or equivalent experience)
- 7+ years of progressive IT and information security experience, with at least 3 years in a management or regional IT leadership role
- Demonstrated experience managing TISAX, ISO 27001, and SOX audits and compliance programs
- Proven track record leading security incident response through full lifecycle, including post-incident reviews
- Experience managing IT projects end-to-end across multiple sites, including scope, budget, and stakeholder management
- Solid understanding of ITIL-based change and service management processes; hands-on experience with ITSM platforms (e.g., ServiceNow, Jira Service Management)
- Strong communication, documentation, and stakeholder management skills; ability to translate technical concepts for non-technical audiences
- Ability to travel domestically approximately 25%

PREFERRED QUALIFICATIONS
- Certifications such as CISSP, CISM, ISO 27001 Lead Auditor, CISA, or CompTIA Security+; ITIL Foundation or higher
- Experience in automotive, manufacturing, or regulated industry environments, including ERP and plant floor systems
- Familiarity with vulnerability management tools, SIEM platforms, and endpoint security solutions
- Demonstrated success in strategic IT planning, budgeting, and goal attainment in a multi-site environment