Manager, IT Risk & Compliance

Celestica Inc., Saint Paul, MN, United States


Summary
The Manager of IT Risk & Compliance is a strategic leader within the Global IT Security organization, responsible for driving the enterprise Governance, Risk, and Compliance (GRC) program. This role ensures that information systems align with global security strategies, regulatory requirements, and the IT roadmap.

Acting as a key liaison between IT Security and business stakeholders, the Manager leads proactive, data-driven cybersecurity initiatives that strengthen enterprise resilience, reduce risk exposure, and support secure business growth.

Detailed Description
CMMC Program Execution

– Drive organizational readiness and successful execution of CMMC Level 2 assessments across Aerospace & Defense (A&D) sites.

Audit & Assurance Management

– Oversee the full lifecycle of internal and external IT audits, including preparation, stakeholder coordination, and timely remediation of findings.

GRC Program Management

– Implement and manage the enterprise GRC platform to centralize compliance tracking, POA&M management, and risk reporting.

Identity & Access Governance

– Define and enforce access control standards, including compliance with complex global requirements such as ITAR and EAR.

Security Documentation & Standards

– Direct the development and maintenance of System Security Plans (SSPs) and supporting security documentation.

Risk Identification & Mitigation

– Partner with site-level IT teams to identify vulnerabilities and embed security controls into business processes.

Program & Project Leadership

– Lead cross-functional security and compliance initiatives, managing scope, timelines, resources, and executive reporting.

Qualifications

Strong understanding of IT security frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT, ITIL)

Expertise in regulatory requirements including CMMC, DFARS, SOX, HIPAA, PCI DSS, and global compliance standards

Ability to translate complex security and risk concepts for both technical and non‑technical audiences

Proven experience in risk management, internal controls, and audit processes

Strong project and program management capabilities

Advanced analytical and problem‑solving skills

Effective communication, collaboration, and stakeholder management skills

Experience with enterprise GRC tools and platforms

Solid understanding of change management processes

Typical Experience

5–7+ years of experience in IT Security, Risk Management, or Compliance, preferably in manufacturing or defense environments

Strong working knowledge of NIST 800‑171, CMMC, ITAR, and GDPR

Demonstrated ability to manage multiple complex initiatives in regulated environments

Preferred Certifications

CMMC Certified Professional (CCP) (highly preferred)

CMMC Certified Assessor (CCA)

CISSP, CISA, ISO/IEC 27001 Lead Auditor, or PMP

Typical Education
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Compensation
Salary Range: $107,000 – $147,000 USD

This range describes the base salary and target Short‑Term Incentive (STI) compensation only. A comprehensive benefits package is offered in addition to this range, and may adjust based on job duties, experience, and geographic jurisdiction.

Physical Demands
Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Notes
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Equal Employment Opportunity
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Celestica’s policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law. This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines.