CubeSmart
Overview:
CubeSmart is hiring a Cybersecurity Program & GRC Manager to join our Information Technology team at our Malvern, PA headquarters.
This role will drive the structure and sustainability of CubeSmart's cybersecurity and compliance program by leading initiatives that strengthen audit readiness, ensure adherence to frameworks such as PCI DSS and SOX, and establish scalable governance and risk management practices.
Working cross-functionally with IT, Operations, Finance, and external partners, this teammate will serve as the central coordination point for compliance, audit, and cybersecurity program activities, transforming security operations and controls into an organized, well-documented, and continuously improving program.
This position is ideal for a cybersecurity professional who thrives on building structure, driving cross-functional alignment, and advancing the maturity of an evolving security program.
Who we are:
At CubeSmart, we're intentional about culture. You can experience it everywhere, from our mission statement of genuine care to our "It's What's Inside That Counts" tagline to calling each other teammates rather than employees. This spirit fosters a fun and collaborative environment that has resulted in our rapid growth and being recognized amongst the top in our industry.
CubeSmart's award-winning team is made up of people who genuinely care. Teammates care about our customers and the life events and/or business needs they are facing. Teammates are passionate, responsible and understanding. The CubeSmart team is made up of people who have a can-do attitude, are committed to their own success and the success of the company, and lead by example.
If this sounds like a team and culture that matches your personal values and motivations, we want to hear from you.
Responsibilities:
Reporting to the Head of Cybersecurity, this role is responsible for establishing governance structure, managing audit and compliance programs, and enabling execution of key cybersecurity initiatives.
Program Governance:
Develop and maintain cybersecurity program documentation, dashboards, and reporting to track initiatives, risks, and control effectiveness.
Maintain the enterprise security risk register, mapping risks to frameworks such as CIS Controls, PCI DSS, and SOX.
Coordinate internal governance activities including policy reviews, control ownership assignments, and leadership reporting.
Track and report remediation of control gaps, audit findings, and risk mitigation actions.
Develop and maintain program metrics and maturity roadmaps.
Audit & Compliance (PCI / SOX):
Lead day-to-day coordination of PCI DSS and SOX compliance efforts, partnering with IT, Accounting, and both internal and external auditors.
Organize and maintain evidence repositories to support control validation and external audits.
Coordinate and document control testing, ensuring consistency and traceability across compliance frameworks.
Translate audit observations into actionable improvement plans and monitor closure.
Support data protection and privacy compliance in collaboration with Legal and Risk Management.
Vendor & Data Risk:
Partner with Procurement, IT, and Legal to assess and monitor third-party vendor risk, ensuring security and compliance requirements are defined and validated.
Contribute to data governance and protection initiatives by aligning data-related controls to applicable frameworks and policies.
Program Enablement & Coordination:
Coordinate with technical owners and service providers to ensure security controls and tools supporting compliance (e.g., vulnerability management, MFA, logging, awareness training) are implemented and functioning as intended.
Administer select program-level platforms such as Security Awareness or compliance workflow tools.
Track progress of key cybersecurity initiatives, providing leadership with visibility into milestones, dependencies, and resource needs.
Partner with IT and Infrastructure teams to align change management processes with security and compliance requirements.
Develop and deliver training and awareness materials to promote cybersecurity and compliance best practices across the organization.
Qualifications:
Education:
Bachelor's degree in Information Security, Information Technology, Accounting, or a related field.
Relevant security or audit certification (e.g., CISA, CISM, CRISC, CISSP) preferred.
Experience:
Minimum of 5-8 years of experience in IT security, compliance, or audit roles, preferably with a focus on PCI DSS and SOX compliance.
Demonstrated experience managing audit programs, control testing, and risk assessments.
Experience creating and maintaining governance documentation, risk registers, and program dashboards.
Prior involvement with third-party risk management or data governance programs preferred.
Knowledge & Skills:
Strong understanding of PCI DSS and SOX compliance frameworks, IT General Controls (ITGCs), and control design principles.
Working knowledge of risk management, audit methodologies, and governance frameworks (e.g., CIS Controls, NIST CSF).
Familiarity with compliance management and reporting tools, and the ability to synthesize technical, risk, and audit information into clear, actionable reporting for both technical and business audiences.
Professional & Interpersonal Skills:
Strong project management and organizational skills; able to manage multiple priorities and deadlines effectively.
Excellent written and verbal communication skills, capable of influencing and collaborating across technical and business teams.
Collaborative mindset and strong interpersonal skills, fostering productive relationships across departments.
High attention to detail, accountability, and ownership of outcomes.
Preferred Certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)