Sr. Manager of Cybersecurity GRC

_Great company. Great people. Great opportunities._ If youu2019d like the chance to make your mark with the worldu2019s largest equipment rental provider, come build your future with United Rentals The Sr. Manager of Cybersecurity GRC (Gov, Risk Mgt & Comp) is a leader responsible for shaping the firmu2019s governance, risk, compliance, and data privacy posture. This role owns the multi-year GRC strategy, manages the cybersecurity budget (P&L for the function), and serves as the primary liaison and subject matter expert to executive leadership and the Board. The Sr. Manager aligns security investments with business objectives and leads initiatives that mature people, processes, and technology to ensure resilience against sophisticated threats while meeting global regulatory requirements. What youu2019ll do: Policy, Procedure, and Standards Governance + Lead the development, maintenance, and enforcement of a comprehensive cybersecurity policy frameworku2014including core policy and sub policies (e.g., Acceptable Use, Access Control)u2014aligned to ISO/IEC 27001, NIST 800 53, and company values. + Translate complex regulatory requirements into actionable, auditable operating procedures for IT and other teams. + Serve as the organizational Center of Excellence for security standards, proactively updating them in anticipation of emerging mandates and industry trends. + Strategic Planning & Budgeting + Own the multi-year cybersecurity roadmap and align investments to enterprise strategy, justifying capital and operational expenditures to leadership. + Manage the cybersecurity budget, optimizing security to value across talent, tooling, and third party services. Compliance & Data Privacy + Direct implementation and continuous review of global and sectoral mandates, including GDPR, PCI DSS, DFARS/CMMC, CCPA/CPRA, and SOX. + Engage with external vendors and auditors on matters of cybersecurity oversight and assurance. + Risk Management & Reporting + Convert qualitative technical risks into quantified business impacts to inform prioritization and investment. + Develop and maintain the Enterprise Cyber Risk Register and integrate it with the broader ERM framework. + Establish and report KRIs and KPIs to the Board and Executive Leadership; enforce the enterprise risk appetite across initiatives. + Provide balanced governance to ensure speed to market does not compromise security integrity. Third-Party & Vendor Risk Management (TPRM) + Manage the end to end lifecycle of vendor securityu2014from pre contract due diligence to continuous monitoring of critical SaaS and infrastructure partners. + Partner with Legal and Procurement to ensure robust security and privacy terms, including indemnification, in third party agreements. Adversarial Readiness & Incident Response + Lead the red team, penetration testing, and cyber maturity assessment programs. + Serve as a key member of the incident response command structure, with emphasis on regulatory and crisis workstreams during a breach. Security Culture & Awareness + Design and deliver high impact training that goes beyond u201ccheck the boxu201d compliance to build true security ownership across the workforce. + Run advanced phishing and social engineering simulations to continuously test and enhance resilience. + Promote a culture of cyber awareness and compliance. Data Privacy and Data Loss Prevention (DLP) + Define the enterprise strategy for data classification, tagging, tracking, and handling. People Leadership & Organizational Development + Direct, mentor, and develop teams. + Establish goals, performance expectations, and development plans; build succession capability. + Foster a culture of collaboration, accountability, and continuous improvement. + Other duties as assigned. Requirements: + Education/Certifications: CISSP, CISM, or CISA required. CRISC, CGEIT preferred + 10+ years in Cybersecurity, with at least 5 years in a leadership role managing complex GRC (Gov, Risk Mgt & Comp) functions + Deep familiarity with the NIST Cybersecurity Framework, ISO 27001, and the legal nuances of international data transfer + Experience with CMMC readiness and certification efforts, secure handling of Controlled Unclassified Information (CUI), DFARS 252.204-7012 compliance and incident reporting protocols + Office environment; sitting at a desk and working at a computer + Occasional travel + Respond to incidents in off-hours + Candidate will be hired as a Senior Manager or Manager depending upon experience and qualifications _Why join us?_ We donu2019t just u201ctalk the talku201d Weu2019re an award-winning company (recently named a Glassdoor Best Place to Work in 2026) that truly cares about our people - Thatu2019s why we offer best-in-class benefits and perks that will support you and your family. In addition to our health and financial plans, we also offer: + Paid Parental Leave + United Compassion Fund ( + Employee Discount Program + Career Development & Promotional Opportunities + Additional Vacation Buy Up Program (US Only) + Early Wage Access through Payactiv (US Hourly Only) + Paid Sick Leave + An inclusive and welcoming culture ( Learn more about our full US benefit offerings ( here. United Rentals, Inc. is an Equal Opportunity Employer and makes employment decisions regardless of race, color, religion, sex, national origin, age, genetic information, citizenship status, veteran status, sexual orientation, gender identity, disability, or any other status protected by law. If you need a reasonable accommodation at any point of the application process, please email for assistance. At United Rentals, we proudly hire active duty members, veterans, reservists, and their families. The values that define your serviceu2014leadership, discipline, integrity, and teamworku2014are the same values that drive our success. With many veterans already part of our team, weu2019re ready to help you transition into a rewarding career. _United Rentals consists of a wide variety of roles with different duties and responsibilities. The actual pay rate offered to candidates varies depending upon a wide range of factors including specific position, location, education, training, experience, skills, and ability._

Created: 2026-03-30