Sr. Manager of Cybersecurity Governance, Risk Mgmt & Compliance

United Rentals

Charlotte, NC

Apply

JOB DETAILS

SKILLS

Access Control, Budget Management, CISSP - Certified Information Systems Security Professional, Capital Expenditure (CAPEX), Continuous Improvement, Defense Federal Acquisition Regulations Supplement (DFARS), Due Diligence, Equipment Rentals, Establish Priorities, External Audit, ISO (International Organization for Standardization), Incident Response, Industry/Trade Analysis, Internet Security, Investment Management, Investment Strategy, Leadership, Legal, Loss Prevention, Machine Tool, Mentoring, Operational Expenditure (OPEX), Operations Processes, Organizational Development/Management, PCI-DSS, Penetration Testing, Performance Metrics, Phishing, Privacy Controls, Profit & Loss, Purchasing/Procurement, Regulations, Regulatory Requirements, Rentals, Risk, Risk Management, Sarbanes-Oxley Act (SOX), Security Attacks, Security Compliance, Set Goals, Social Engineering, Software as a Service (SaaS), Strategic Planning, Team Lead/Manager, Team Player, Testing, Training Data Sets, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation

LOCATION

Charlotte, NC

POSTED

Today

Great company. Great people. Great opportunities.

If you'd like the chance to make your mark with the world's largest equipment rental provider, come build your future with United Rentals!

The Sr. Manager of Cybersecurity GRC (Gov, Risk Mgt & Comp) is a leader responsible for shaping the firm's governance, risk, compliance, and data privacy posture. This role owns the multi-year GRC strategy, manages the cybersecurity budget (P&L for the function), and serves as the primary liaison and subject matter expert to executive leadership and the Board. The Sr. Manager aligns security investments with business objectives and leads initiatives that mature people, processes, and technology to ensure resilience against sophisticated threats while meeting global regulatory requirements.

**This is a hybrid role**

What you'll do:

Policy, Procedure, and Standards Governance

Lead the development, maintenance, and enforcement of a comprehensive cybersecurity policy framework-including core policy and sub policies (e.g., Acceptable Use, Access Control)-aligned to ISO, NIST, and company values.
Translate complex regulatory requirements into actionable, auditable operating procedures for IT and other teams.
Serve as the organizational Center of Excellence for security standards, proactively updating them in anticipation of emerging mandates and industry trends.
Strategic Planning & Budgeting
Own the multi-year cybersecurity roadmap and align investments to enterprise strategy, justifying capital and operational expenditures to leadership.
Manage the cybersecurity budget, optimizing security to value across talent, tooling, and third party services.

Compliance & Data Privacy

Direct implementation and continuous review of global and sectoral mandates, including GDPR, PCI DSS, DFARS/CMMC, CCPA/CPRA, and SOX.
Engage with external vendors and auditors on matters of cybersecurity oversight and assurance.
Risk Management & Reporting
Convert qualitative technical risks into quantified business impacts to inform prioritization and investment.
Develop and maintain the Enterprise Cyber Risk Register and integrate it with the broader ERM framework.
Establish and report KRIs and KPIs to the Board and Executive Leadership; enforce the enterprise risk appetite across initiatives.
Provide balanced governance to ensure speed to market does not compromise security integrity.

Third-Party & Vendor Risk Management (TPRM)

Manage the end to end lifecycle of vendor security-from pre contract due diligence to continuous monitoring of critical SaaS and infrastructure partners.
Partner with Legal and Procurement to ensure robust security and privacy terms, including indemnification, in third party agreements.

Adversarial Readiness & Incident Response

Lead the red team, penetration testing, and cyber maturity assessment programs.
Serve as a key member of the incident response command structure, with emphasis on regulatory and crisis workstreams during a breach.

Security Culture & Awareness

Design and deliver high impact training that goes beyond "check the box" compliance to build true security ownership across the workforce.
Run advanced phishing and social engineering simulations to continuously test and enhance resilience.
Promote a culture of cyber awareness and compliance.

Data Privacy and Data Loss Prevention (DLP)

Define the enterprise strategy for data classification, tagging, tracking, and handling.

People Leadership & Organizational Development

Direct, mentor, and develop teams.
Establish goals, performance expectations, and development plans; build succession capability.
Foster a culture of collaboration, accountability, and continuous improvement.
Other duties as assigned.

Requirements:

Education/Certifications: CRISC, CGEIT, CISM, or CISA required. CISSP preferred.
10+ years in Cybersecurity, with at least 5 years in a leadership role managing complex GRC (Gov, Risk Mgt & Comp) functions
Deep familiarity with the NIST Cybersecurity Framework, ISO 27001, and the legal nuances of international data transfer
Experience with GDPR, CMMC readiness and certification efforts, secure handling of Controlled Unclassified Information (CUI), DFARS compliance and incident reporting protocols
Office environment; sitting at a desk and working at a computer (hybrid)
Occasional travel
Respond to incidents in off-hours
Candidate will be hired as a Senior Manager or Manager depending upon experience and qualifications

Why join us?

We don't just "talk the talk!" We're an award-winning company (recently named a Glassdoor Best Place to Work in 2026) that truly cares about our people - That's why we offer best-in-class benefits and perks that will support you and your family. In addition to our health and financial plans, we also offer:

Paid Parental Leave
United Compassion Fund
Employee Discount Program
Career Development & Promotional Opportunities
Additional Vacation Buy Up Program (US Only)
Early Wage Access through Payactiv (US Hourly Only)
Paid Sick Leave
An inclusive and welcoming culture

Learn more about our full US benefit offerings here.

United Rentals, Inc. is an Equal Opportunity Employer and makes employment decisions regardless of race, color, religion, sex, national origin, age, genetic information, citizenship status, veteran status, sexual orientation, gender identity, disability, or any other status protected by law. If you need a reasonable accommodation at any point of the application process, please email careers@ur.com for assistance.

At United Rentals, we proudly hire active duty members, veterans, reservists, and their families. The values that define your service-leadership, discipline, integrity, and teamwork-are the same values that drive our success. With many veterans already part of our team, we're ready to help you transition into a rewardingcareer.

United Rentals consists of a wide variety of roles with different duties and responsibilities. The actual pay rate offered to candidates varies depending upon a wide range of factors including specific position, location, education, training, experience, skills, and ability.

About the Company

United Rentals

Founded in 1997, United Rentals is the largest equipment rental company in the world, with a store network nearly three times the size of any other provider, and locations in 49 states and 10 Canadian provinces. Building a better future is our commitment to the people and communities we serve. United Rentals, Inc. is the largest equipment rental company in the world. The company has an integrated network of 1,186 rental locations in North America and 11 in Europe. In North America, the company operates in 49 states and every Canadian province. The company’s approximately 18,500 employees serve construction and industrial customers, utilities, municipalities, homeowners and others. The company offers approximately 3,800 classes of equipment for rent with a total original cost of $14.18 billion. United Rentals is a member of the Standard & Poor’s 500 Index, the Barron’s 400 Index and the Russell 3000 Index® and is headquartered in Stamford, Conn. Additional information about United Rentals is available at unitedrentals.com. Our Customers Our diverse customer base includes construction and industrial companies, utilities, municipalities, government agencies and independent contractors. Most of our customers align with three categories: approximately 50% are non-construction, such as industrial; 46% are non-residential construction; and 4% are residential. We provide every customer with access to the best people, equipment and solutions in the industry. Our Mission Deploy the best people, equipment and solutions to enable our customers to safely build a better and stronger future. Our Values Safety First Act, and require others to act, in a manner that puts the safety of our employees, customers and communities first. A Passion For People Build a diverse workplace that challenges all employees to grow professionally and embrace teamwork. Visible Leadership Lead by example in every business decision and action, with a sense of humility and responsibility. Customer-Driven Support the best interests of our customers and develop better ways for them to succeed at their jobs. Absolute Integrity Always do the right thing, honor commitments and ensure appropriate corporate governance. Community-Minded Be an outstanding corporate citizen and a good neighbor in every sense by being helpful, respectful, law-abiding and friendly. Continuous Innovation Contribute to a culture of innovative thinking that empowers employees to improve quality, efficiency and customer service. Sustainability Engage in practices that lead to positive change by encouraging social accountability and environmental responsibility.

COMPANY SIZE

10,000 employees or more

INDUSTRY

Rental Services

WEBSITE

http://www.unitedrentals.com