Manager, Global Information Security

Requisition Summary

The Information Security Manager is a leader responsible for building, coaching, and enabling a high-performing information security team. This role partners with business and IT leaders to strengthen enterprise risk management, develop practical security strategies, and drive consistent execution across a global environment. The manager oversees programs including security risk assessments, exception governance, security awareness, incident coordination and investigations, and security metrics/reporting. This position manages priorities and budget, influences stakeholders, and ensures security outcomes support businessobjectives. Reports to the Chief Information Security Officer. This is a global role, managing the North American and European Information Security teams, and providing direction to Division Security Liaisons across PACCAR divisions.

Job Functions / Responsibilities

• Lead, coach, and develop a globally distributed team of information security professionals; set clearobjectives, provide feedback, and support career growth.

• Own and mature the information security risk management program, including risk assessments, third-party risk input, and risk treatment plans aligned to business priorities.

• Run security exception governance (intake, analysis, approvals, renewals, and reporting), ensuring clear rationale and time-bound remediation plans.

• Provide leadership and consultation across key security domains, including:

• • Security governance, policies, standards, and control oversight

• • Security awareness and culture-building programs

• • Incident response, including investigations and lessons learned

• • Internal and third-party risk assessments and remediation tracking

• • Collaborate with product and engineering teams on product security expectations and risk-based priorities

• • Support regulatory, audit, and compliance initiatives by providing evidence, risk narratives, and program improvements

Qualifications

• 5+ years of people management experience, including hiring, performance management, coaching, and leading through change.

• 8+ years of experience in information security, technology risk, or related areas, withdemonstratedprogression in scope and impact.

• Strong risk management mindset: ability to assess risk, articulate tradeoffs, and drive practical mitigation plans that enable the business.

• Experience building and operating security governance (policies/standards, exceptions, metrics, and reporting) across a complex, multi-region organization.

• Proven ability to influence and partner across IT, legal, privacy, audit, and business stakeholders; executive-ready written and verbal communication skills.

• Demonstrated leadership in incident response coordination and investigations, with a focus on decision-making, communication, and continuous improvement.

• Strong prioritization and program management skills; able to manage multiple workstreams, dependencies, and timelines in a dynamic environment.

• Budget and vendor management experience, including defining outcomes, tracking performance, and managing renewals and contracts in partnership with procurement.

• Relevant certifications (e.g., CISSP, CISM, CRISC, Security+) are preferred but notrequired; equivalent experience is valued.

• Working knowledge of core security domains (identity and access management, network and endpoint security concepts, logging/monitoring, and data protection). Technical depth is less important than leadership and sound risk judgment.

Education

• Bachelor's degree in information systems, computer science, business, ora relatedfield.