Join the World's Top Legal Talent Network

No relocation or sponsorship will be considered. __This position is majority located "In office - Grapevine, Texas.__*

BASIC PURPOSE AND SCOPE OF POSITION The Manager, Security & Privacy Compliance is responsible for leading and advancing the cybersecurity, privacy, and governance, risk, and compliance (GRC) programs for Kubota Credit Corporation, U.S.A. (KCC), Kubota Tractor Acceptance Corporation (KTAC), and Kubota Insurance Corporation (KIC).

This role ensures adherence to applicable federal and state regulations, industry standards, and internal policies to protect the confidentiality, integrity, and availability of the organization’s information assets.

This position serves as a strategic advisor and operational leader, collaborating across departments to implement, monitor, and continuously improve security and privacy controls. The Manager will also drive awareness, training, and compliance initiatives while fostering a culture of security and risk management.

PRINCIPAL ACTIVITIES: This position does the following in accordance with all applicable Federal, State and local laws / regulations and the Company’s policies, procedures and guidelines:

• Maintain up-to-date knowledge of relevant cybersecurity, privacy, and compliance regulations (e.g., NYDFS, GLBA, CCPA, GDPR).
• Lead and manage a cross-functional team responsible for enterprise-wide cybersecurity, privacy, and GRC (governance, risk, and compliance) programs across KCC, KTAC, and KIC
• Develop, implement, and maintain security and privacy policies, standards, and procedures in collaboration with Legal, Compliance, and IT.
• Lead internal audits, risk assessments, and investigations related to information security and privacy incidents.
• Monitor security tools (e.g., SIEM, IDS/IPS) and analyze trends to identify threats and vulnerabilities.
• Coordinate and facilitate the Executive Security & Privacy Steering Committee and monthly Working Group meetings.
• Track and report on key performance indicators (KPIs) and metrics to measure program effectiveness.
• Provide subject matter expertise for system design reviews, and for vendor engagement, oversight, risk assessments, and contract negotiations.
• Partner with HR, Legal, and business units to ensure alignment of security and privacy initiatives with organizational goals.
• Oversee the organization’s record retention program.
• Promote awareness and training programs to enhance the security and privacy culture across the enterprise.
• Ensure compliance with frameworks such as CIS, NIST, ISO 27001, and other industry standards.
• Maintain confidentiality and demonstrate ethical conduct in all activities.
• Other duties as assigned by management.

MINIMUM QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Security, or related field preferred.
• Minimum of 7 years of experience in information security, privacy, or compliance roles.
• At least 2 years of experience in a financial services or captive finance environment preferred.
• Deep working knowledge of federal and state information security, cybersecurity and privacy laws, as well as customary contractual requirements.
• Strong understanding of information security principles, architecture and methodologies (including risk assessment and audit methodologies). Proven experience developing security, data privacy and information risk assessment programs.
• Experience with security frameworks (e.g., CIS, NIST CSF, ISO 27001).