Cybersecurity Program Manager

Support, develop, and continuously improve Minitab’s global Information Security Management System (ISMS). Contribute to the full lifecycle of the ISO 27001-certified program, including policy development, risk management, compliance oversight, audit coordination, third-party risk management, incident response, and business continuity.

Partner cross-functionally to ensure security governance is embedded throughout business operations and aligned with organizational objectives.

• Direct and support programs, policies, and daily practices to ensure continued compliance with ISO 27001

• Maintain alignment with privacy, legal, HR, operational, and reporting obligations

• Support governance oversight, corrective action planning, and continuous improvement initiatives

• Contribute to change management efforts, including integration of newly acquired entities

• Monitor and interpret relevant cybersecurity laws, regulations, and industry frameworks

• Perform information security risk assessments and evaluate control environments

• Develop remediation plans and collaborate with IT, Operations, HR, Legal, Risk Management, and senior leadership to implement corrective actions

• Maintain documentation to support regulatory and audit requirements

• Respond to customer security questionnaires and due diligence requests

• Conduct and manage vendor risk assessments

• Maintain documentation required for contractual and regulatory compliance

• Participate in business continuity planning activities

• Support incident response efforts and post-incident reviews

• Assess operational impact of cybersecurity incidents and contribute to mitigation and recovery planning

• Develop and maintain the company’s security awareness and training program

• Promote a culture of cybersecurity and privacy awareness across the enterprise

• 5+ years of experience working with Information Security Management Systems (ISMS), including ISO 27001 or similar frameworks, Big 4 consulting experience highly desired.

• Bachelor’s degree in a related field preferred; equivalent experience will be considered

• Familiarity with cybersecurity frameworks and Risk Management Framework (RMF)

• Knowledge of cybersecurity and privacy laws, regulations, and compliance standards

• Experience conducting security risk assessments and developing remediation plans

• Strong technical writing, analytical, and governance skills

• Project management experience preferred

• Relevant certifications such as CISSP, CISM, or equivalent are a plus

• Fluent in English (read, write, speak)

• Ability to work on-site daily or remotely with regular travel to company offices as required

Our Benefits:

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.  

Job application remains open until filled.