FORTNA partners with the world’s leading brands to transform omnichannel and parcel distribution operations. Known world-wide for enabling companies to keep pace with digital disruption and growth objectives, we design and deliver solutions, powered by intelligent software, to optimize fast, accurate and cost-effective order fulfillment and last mile delivery. Our people, innovative approach and proprietary algorithms and tools ensure optimal operations design and material and information flow. We deliver exceptional value every day to our customers with comprehensive services and products including network strategy, distribution center operational design and implementation, material handling automated equipment, robotics and a comprehensive suite of lifecycle services.

At FORTNA, we believe in fostering a workplace that isn't just a job but a movement – a collective effort to redefine success and transform challenges into opportunities. "Join the Movement" encapsulates our commitment to a workplace culture that thrives on collaboration, celebrates diversity, and empowers every individual to contribute to something greater than themselves. Our Team. Our Passion. Our Approach.

Position Summary

We are seeking an experienced Senior Manager, Cybersecurity Governance, Risk & Compliance (GRC) to lead and mature our enterprise cybersecurity governance, risk management, compliance, and security assurance programs. This role is responsible for ensuring cybersecurity risks are effectively identified, managed, and communicated while maintaining compliance with regulatory requirements and industry security frameworks.

The Senior Manager will partner closely with Security Operations, IT, Legal, Privacy, Internal Audit, business leaders, and third-party providers to strengthen the organization's security posture, drive risk-based decision-making, and support business objectives. This position combines strategic leadership with operational oversight across governance, compliance, risk management, incident management, and vendor security programs.

Key Responsibilities

Governance & Cybersecurity Strategy

Lead the enterprise cybersecurity governance framework, including policies, standards, controls, and procedures.
Drive cybersecurity strategy and roadmap initiatives aligned with business goals and risk tolerance.
Provide leadership with visibility into cybersecurity posture, risks, compliance status, and program effectiveness.
Lead governance committees and facilitate cross-functional cybersecurity initiatives.

Risk Management

Conduct enterprise cybersecurity risk assessments and oversee risk treatment activities.
Maintain the cybersecurity risk register and monitor remediation efforts.
Evaluate emerging threats, vulnerabilities, and business impacts.
Perform security reviews for new technologies, projects, and strategic initiatives.
Lead third-party and vendor security risk assessments and due diligence activities.

Compliance & Security Assurance

Manage cybersecurity compliance programs aligned with frameworks and regulations.
Coordinate internal and external audits and oversee remediation of audit findings.
Ensure security controls, documentation, and evidence repositories support ongoing compliance requirements.
Monitor and report compliance performance and remediation progress.

Security Operations Oversight

Partner with Security Operations teams and external providers to strengthen monitoring, threat detection, incident response, and vulnerability management programs.
Review significant cybersecurity incidents, root cause analyses, and corrective action plans.
Participate in incident response exercises, tabletop simulations, and post-incident reviews.
Drive continuous improvement of security controls, detection capabilities, and response processes.
Monitor security metrics, KPIs, KRIs, and operational reporting.

Third-Party Risk & Security Vendor Management

Manage relationships with MDR, MSSP, SOC-as-a-Service, and other cybersecurity service providers.
Review vendor assessments, SOC reports, penetration test results, and compliance documentation.
Ensure third-party providers meet security, compliance, and contractual obligations.
Lead vendor risk remediation and ongoing security performance reviews.

Leadership & Stakeholder Engagement

Lead and mentor cybersecurity governance, risk, and compliance professionals.
Partner with IT, Security, Legal, Privacy, HR, Audit, and business leaders to address cybersecurity risks and compliance requirements.
Present cybersecurity risks, compliance status, audit results, and strategic recommendations to senior leadership and governance committees.
Serve as a trusted advisor on cybersecurity governance, risk management, and regulatory compliance.

Required Qualifications

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
12+ years of experience in cybersecurity, information security, risk management, compliance, audit, or security operations.
3+ years of leadership or people management experience.
Experience supporting or partnering with Security Operations (SOC) teams and incident response programs.
Strong knowledge of cybersecurity frameworks, governance models, and risk management methodologies.
Experience leading compliance initiatives, audits, and remediation programs.
Experience managing third-party security assessments and vendor risk programs.
Strong executive communication, stakeholder management, and presentation skills.

Preferred Qualifications

Experience with Microsoft security and compliance technologies, including Microsoft Purview and Microsoft Sentinel.
Experience working with SIEM, SOAR, EDR, MDR, vulnerability management, and GRC platforms.
Experience within regulated or compliance-driven industries.
Master's degree in a related discipline.

The base salary range for this role is $133,200 to $199,800. This base salary range represents the low and high end of the base salary range for this position. Actual base salary offered will vary based on various factors including but not limited to location, level, job-related knowledge, skills, experience, and performance.

This job description describes the general nature and level of work expected of a person assigned to this position. All job requirements listed indicate the minimum level of knowledge, skills and/or ability deemed necessary to perform the job proficiently. Employees may be required to perform any other job-related duties as requested by their supervisor.

It is the policy of FORTNA and its affiliated companies to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, pregnancy or pregnancy-related condition, status with regard to public assistance, veteran status, citizenship status (if authorized to work in the U.S.), or any other characteristic protected by federal, state or local law. In addition, FORTNA will provide reasonable accommodations for qualified individuals with disabilities.

Senior Manager – Cybersecurity Governance, Risk & Compliance (GRC)

Job description