Vice President of Information Security - Governance/Risk/Compliance (Remote)
UPS, WorkFromHome
Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.
Job Description
The Vice President of Information Security will lead the global Governance, Risk, and Compliance (GRC) function, driving strategic oversight and operational excellence across cybersecurity policy, regulatory compliance, risk management, and assurance. This role will serve as a key advisor to the Chief Information Security Officer (CISO) and to business and technology leadership, helping to ensure the organization's cyber risk posture aligns with business objectives and global regulatory expectations. This role requires a leader with expertise in cybersecurity governance, security risk management, regulatory compliance, and third-party risk. You will lead a global team of professionals and collaborate with executive stakeholders to embed security into the organization's culture, operations, and strategic initiatives.
Responsibilities
Strategy and Leadership
- Articulate program strategy and mobilize the workforce to collaboratively achieve appropriate cybersecurity objectives through internal and external relationships.
- Champion technology and funding recommendations to senior management to help ensure appropriate controls and capabilities are in place to meet business objectives.
- Represent the company in external regulatory and industry forums, supporting compliance and thought leadership.
- Facilitate corporate cybersecurity governance forums and executive steering committees to align cybersecurity risk management strategy with enterprise risk appetite.
- Communicate verbally and in writing with senior leadership of varying levels of technical knowledge, educate them about cybersecurity risk management topics, and share insights and recommendations that inform risk management strategies.
- Define and enforce enterprise-wide cybersecurity policies, standards, and procedures, ensuring they are current, enforceable, and adopted across business units.
- Conduct security risk assessments to evaluate asset protection and control effectiveness.
- Apply risk models to assess threats, vulnerabilities, and business impact.
- Maintain a risk register and drive remediation through corrective action plans.
- Partner with stakeholders to ensure risk mitigation and achieve regulatory compliance.
- Conduct security due diligence on target companies to identify risks and integration challenges.
- Assess cybersecurity posture, compliance status, and data protection practices of acquisition targets.
- Advise on risk mitigation strategies and contractual security requirements during deal negotiations.
- Support post-acquisition integration by aligning security controls, policies, and infrastructure.
- Stay updated on regulatory changes and industry standards (e.g., ISO, NIST, PCI-DSS, EU regulations).
- Ensure compliance with global cybersecurity and data protection regulations, including but not limited to PCI-DSS, EU NIS2, and other industry-specific regulations and standards.
- Oversee external cybersecurity audits, regulatory assessments, and certification processes (e.g., ISO 27001, SOC 2).
- Partner with legal, privacy, and internal audit teams to manage regulatory inquiries, audits, and responses.
- Lead the design and execution of a security awareness program aligned with regulatory and organizational needs.
- Create engaging, role-specific training content and phishing simulations.
- Track and report on training effectiveness and compliance metrics.
- Partner with stakeholders to embed security culture across the organization.
- Lead the third-party cyber risk management program, including due diligence, onboarding assessments, contract reviews, and continuous monitoring.
- Develop and maintain a scalable framework for evaluating and managing risks associated with vendors, partners, and supply chain entities.
- Collaborate with procurement, legal, and business units to help ensure third-party cyber risk is addressed throughout the vendor lifecycle.
- Contribute to the development of AI guardrails to help ensure secure adoption of AI technologies across the enterprise.
- Perform risk assessments on AI systems against security standards and regulatory considerations.
- Collaborate with data science, IT, and information security teams to integrate secure practices into the AI/ML lifecycle (e.g., threat modeling, risk assessments, and secure model deployment).
- Act as the point of contact for customer security inquiries and assessments.
- Create and manage security documentation, including questionnaires and audit responses.
- Support customer contract negotiations by aligning security commitments with internal policies.
- Improve assurance processes by analyzing customer feedback and streamlining responses.
- Oversee annual DR assessments and exercises in partnership with asset owners and key stakeholders.
- Monitor execution of remediation plans and track closure of identified gaps.
- Maintain DR governance policies, documentation, and reporting readiness across critical systems.
- Define and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of GRC programs.
- Develop executive-level dashboards and reports that translate technical risk into business impact.
- Deliver regular briefings to the CISO and technology leadership on cyber risk posture, compliance status, and strategic initiatives.
- Represent the organization in industry forums, working groups, and public-private partnerships.
- Monitor regulatory developments and industry trends to proactively adapt GRC strategies.
- Collaborate with peers in IT, legal, privacy, HR, and business operations to embed security into digital transformation and innovation initiatives.
Technical Expertise
- Deep knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001), risk methodologies, and regulatory landscapes.
- Proficient in GRC tools for tracking and managing compliance, conducting risk assessments and reporting.
- Knowledge of a broad range of security controls, including identity and access management, network security, data protection, cloud security, endpoint security, security logging and monitoring, incident response, disaster recovery, and security program policies.
- Experience building, leading, and mentoring a high-performing global team of cybersecurity professionals across governance, risk, compliance, and third-party risk domains.
- Highly advanced facilitation skills with the ability to lead virtual teams to desired outcomes and obtain buy-in from senior leadership on deliverables.
- Demonstrated experience fostering a culture of accountability, innovation, and continuous improvement within the GRC function.
- Proven champion of talent development to support business needs, changes in technology, and continual program improvement.
- Experience managing complex projects in a fast-paced business and technology environment. Demonstrates ability to evaluate project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan.
- Experience working with platform and service management teams in an agile environment.
- Experience developing platform and service specifications, writing user stories, and identifying and prioritizing competing platforms and services to deliver results while making sense of ambiguity.
- Exceptional ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies.
- Excellent communication and stakeholder management skills, with demonstrated success in facilitating cross-functional collaboration.
- Experience with aligning stakeholders with competing priorities, including senior executives.
- 10+ years of experience leading high-performing teams, both in direct reporting as well as cross-functional groups.
- Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience in Data Science, Computer Science, Engineering, Statistics, or related field required; Master’s degree or MBA preferred.
- Industry recognized information security certifications (e.g., ISC2, ISACA, SANS, Cloud Service Providers) preferred.
- Position will be posted through August 11, 2025.
- Payband: 50D
Employee Type
Permanent
UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.
Employer will sponsor visas for specific positions. UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.
Seniority level
Executive
Employment type
Full-time
Job function
Information Technology
Industries
Truck Transportation