Sr. Manager of Cybersecurity Governance, Risk Mgmt & Compliance

Great company. Great people. Great opportunities.

If you'd like the chance to make your mark with the world's largest equipment rental provider, come build your future with United Rentals!

The Sr. Manager of Cybersecurity GRC (Gov, Risk Mgt & Comp) is a leader responsible for shaping the firm's governance, risk, compliance, and data privacy posture. This role owns the multi-year GRC strategy, manages the cybersecurity budget (P&L for the function), and serves as the primary liaison and subject matter expert to executive leadership and the Board. The Sr. Manager aligns security investments with business objectives and leads initiatives that mature people, processes, and technology to ensure resilience against sophisticated threats while meeting global regulatory requirements.

**This is a hybrid role**

What you'll do:

Policy, Procedure, and Standards Governance

• Lead the development, maintenance, and enforcement of a comprehensive cybersecurity policy framework-including core policy and sub policies (e.g., Acceptable Use, Access Control)-aligned to ISO, NIST, and company values.
• Translate complex regulatory requirements into actionable, auditable operating procedures for IT and other teams.
• Serve as the organizational Center of Excellence for security standards, proactively updating them in anticipation of emerging mandates and industry trends.
• Strategic Planning & Budgeting
• Own the multi-year cybersecurity roadmap and align investments to enterprise strategy, justifying capital and operational expenditures to leadership.
• Manage the cybersecurity budget, optimizing security to value across talent, tooling, and third party services.

Compliance & Data Privacy

• Direct implementation and continuous review of global and sectoral mandates, including GDPR, PCI DSS, DFARS/CMMC, CCPA/CPRA, and SOX.
• Engage with external vendors and auditors on matters of cybersecurity oversight and assurance.
• Risk Management & Reporting
• Convert qualitative technical risks into quantified business impacts to inform prioritization and investment.
• Develop and maintain the Enterprise Cyber Risk Register and integrate it with the broader ERM framework.
• Establish and report KRIs and KPIs to the Board and Executive Leadership; enforce the enterprise risk appetite across initiatives.
• Provide balanced governance to ensure speed to market does not compromise security integrity.

Third-Party & Vendor Risk Management (TPRM)

• Manage the end to end lifecycle of vendor security-from pre contract due diligence to continuous monitoring of critical SaaS and infrastructure partners.
• Partner with Legal and Procurement to ensure robust security and privacy terms, including indemnification, in third party agreements.

Adversarial Readiness & Incident Response

• Lead the red team, penetration testing, and cyber maturity assessment programs.
• Serve as a key member of the incident response command structure, with emphasis on regulatory and crisis workstreams during a breach.

Security Culture & Awareness

• Design and deliver high impact training that goes beyond "check the box" compliance to build true security ownership across the workforce.
• Run advanced phishing and social engineering simulations to continuously test and enhance resilience.
• Promote a culture of cyber awareness and compliance.

Data Privacy and Data Loss Prevention (DLP)

• Define the enterprise strategy for data classification, tagging, tracking, and handling.

People Leadership & Organizational Development

• Direct, mentor, and develop teams.
• Establish goals, performance expectations, and development plans; build succession capability.
• Foster a culture of collaboration, accountability, and continuous improvement.
• Other duties as assigned.

Requirements:

• Education/Certifications: CRISC, CGEIT, CISM, or CISA required. CISSP preferred.
• 10+ years in Cybersecurity, with at least 5 years in a leadership role managing complex GRC (Gov, Risk Mgt & Comp) functions
• Deep familiarity with the NIST Cybersecurity Framework , ISO 27001, and the legal nuances of international data transfer
• Experience with GDPR, CMMC readiness and certification efforts, secure handling of Controlled Unclassified Information (CUI), DFARS compliance and incident reporting protocols
• Office environment; sitting at a desk and working at a computer (hybrid)
• Occasional travel
• Respond to incidents in off-hours
• Candidate will be hired as a Senior Manager or Manager depending upon experience and qualifications

Why join us?

We don't just "talk the talk!" We're an award-winning company (recently named a Glassdoor Best Place to Work in 2026) that truly cares about our people - That's why we offer best-in-class benefits and perks that will support you and your family. In addition to our health and financial plans, we also offer:

• Paid Parental Leave
• United Compassion Fund
• Employee Discount Program
• Career Development & Promotional Opportunities
• Additional Vacation Buy Up Program (US Only)
• Early Wage Access through Payactiv (US Hourly Only)
• Paid Sick Leave
• An inclusive and welcoming culture

Learn more about our full US benefit offerings here.

United Rentals, Inc. is an Equal Opportunity Employer and makes employment decisions regardless of race, color, religion, sex, national origin, age, genetic information, citizenship status, veteran status, sexual orientation, gender identity, disability, or any other status protected by law. If you need a reasonable accommodation at any point of the application process, please email View email address on click.appcast.io for assistance.

At United Rentals, we proudly hire active duty members, veterans, reservists, and their families. The values that define your service-leadership, discipline, integrity, and teamwork-are the same values that drive our success. With many veterans already part of our team, we're ready to help you transition into a rewardingcareer.

United Rentals consists of a wide variety of roles with different duties and responsibilities. The actual pay rate offered to candidates varies depending upon a wide range of factors including specific position, location, education, training, experience, skills, and ability.