Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.
Job Description:
The Vice President of Information Security will lead the global Governance, Risk, and Compliance (GRC) function, driving strategic oversight and operational excellence across cybersecurity policy, regulatory compliance, risk management, and assurance. This role will serve as a key advisor to the Chief Information Security Officer (CISO), business and technology leadership, helping to ensure the organization’s cyber risk posture aligns with business objectives and global regulatory expectations. This role requires a leader with expertise in cybersecurity governance, security risk management, regulatory compliance, and third-party risk. You will lead a global team of professionals and collaborate with executive stakeholders to embed security into the organization’s culture, operations, and strategic initiatives.
RESPONSIBILITIES
Strategy and Leadership
- Articulate program strategy and mobilize the workforce to collaboratively achieve appropriate cybersecurity objectives through internal and external relationships.
- Champion technology and funding recommendations to senior management to help ensure appropriate controls and capabilities are in place to meet business objectives.
- Represent the company in external regulatory and industry forums, supporting compliance and thought leadership.

Cybersecurity Governance
- Facilitate corporate cybersecurity governance forums and executive steering committees to align cybersecurity risk management strategy with enterprise risk appetite.
- Communicate verbally and in writing to the senior leadership team with various levels of technical knowledge, educate them about cybersecurity risk management topics, and share insights and recommendations that inform risk management strategies.
- Define and enforce enterprise-wide cybersecurity policies, standards, and procedures, ensuring they are current, enforceable, and adopted across business units.

Risk Management
- Conduct security risk assessments to evaluate asset protection and control effectiveness.
- Apply risk models to assess threats, vulnerabilities, and business impact.
- Maintain a risk register and drive remediation through corrective action plans.
- Partner with stakeholders to ensure risk mitigation and achieve regulatory compliance.

Mergers and Acquisitions
- Conduct security due diligence on target companies to identify risks and integration challenges.
- Assess cybersecurity posture, compliance status, and data protection practices of acquisition targets.
- Advise on risk mitigation strategies and contractual security requirements during deal negotiations.
- Support post-acquisition integration by aligning security controls, policies, and infrastructure.

Regulatory Compliance
- Stay updated on regulatory changes and industry standards (e.g., ISO, NIST, PCI-DSS, EU regulations).
- Ensure compliance with global cybersecurity and data protection regulations, including but not limited to PCI-DSS, EU NIS2, and other industry-specific regulations and standards.
- Oversee external cybersecurity audits, regulatory assessments, and certification processes (e.g., ISO 27001, SOC 2).
- Partner with legal, privacy, and internal audit teams to manage regulatory inquiries, audits, and responses.

Security Training and Awareness
- Lead the design and execution of a security awareness program aligned with regulatory and organizational needs.
- Create engaging, role-specific training content and phishing simulations.
- Track and report on training effectiveness and compliance metrics.
- Partner with stakeholders to embed security culture across the organization.

Third-Party and Supply Chain Cyber Risk
- Lead the third-party cyber risk management program, including due diligence, onboarding assessments, contract reviews, and continuous monitoring.
- Develop and maintain a scalable framework for evaluating and managing risks associated with vendors, partners, and supply chain entities.
- Collaborate with procurement, legal, and business units to help ensure third-party cyber risk is addressed throughout the vendor lifecycle.

Artificial Intelligence Security
- Contribute to the development of AI guardrails to help ensure secure adoption of AI technologies across the enterprise.
- Perform risk assessments on AI systems against security standards and regulatory considerations.
- Collaborate with data science, IT, and information security teams to integrate secure practices into the AI/ML lifecycle (e.g., threat modeling, risk assessments, and secure model deployment).

Program Assurance
- Act as the point of contact for customer security inquiries and assessments.
- Create and manage security documentation, including questionnaires and audit responses.
- Support customer contract negotiations by aligning security commitments with internal policies.
- Improve assurance processes by analyzing customer feedback and streamlining responses.

Disaster Recovery
- Oversee annual DR assessments and exercises in partnership with asset owners and key stakeholders.
- Monitor execution of remediation plans and track closure of identified gaps.
- Maintain DR governance policies, documentation, and reporting readiness across critical systems.

Metrics, Reporting and Executive Communication
- Define and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of GRC programs.
- Develop executive-level dashboards and reports that translate technical risk into business impact.
- Deliver regular briefings to the CISO and technology leadership on cyber risk posture, compliance status, and strategic initiatives.

Strategic Partnerships and Industry Engagement
- Represent the organization in industry forums, working groups, and public-private partnerships.
- Monitor regulatory developments and industry trends to proactively adapt GRC strategies.
- Collaborate with peers in IT, legal, privacy, HR, and business operations to embed security into digital transformation and innovation initiatives.

QUALIFICATIONS
Technical Expertise
- Deep knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001), risk methodologies, and regulatory landscapes.
- Proficient in GRC tools for tracking and managing compliance, conducting risk assessments and reporting.
- Knowledge in the field of various security controls including identity and access management, network security, data protection, cloud security, endpoint security, security logging and monitoring, incident response, disaster recovery, and security program policies.

Leadership & Talent Development
- Experience building, leading, and mentoring a high-performing global team of cybersecurity professionals across governance, risk, compliance, and third-party risk domains.
- Highly advanced facilitation skills with the ability to lead virtual teams to desired outcomes and obtain buy-in from senior leadership on deliverables.
- Demonstrated experience fostering a culture of accountability, innovation, and continuous improvement within the GRC function.
- Proven champion of talent development to support business needs, changes in technology, and continual program improvement.

Project and Product Management
- Experience managing complex projects in a fast-paced business and technology environment. Demonstrates ability to evaluate project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan.
- Experience working with platform and service management teams in an agile environment.
- Experience developing platform and service specifications, writing user stories, and identifying and prioritizing competing platforms and services to deliver results while making sense of ambiguity.

Communication and Stakeholder Management
- Exceptional ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies.
- Excellent communication and stakeholder management skills, with demonstrated success in facilitating cross-functional collaboration.
- Experience with aligning stakeholders with competing priorities, including senior executives.

Experience and Education
- 10+ years of experience leading high-performing teams, both in direct reporting as well as cross-functional groups.
- Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience in Data Science, Computer Science, Engineering, Statistics, or related field required; Master’s degree or MBA preferred.
- Industry recognized information security certifications (e.g., ISC2, ISACA, SANS, Cloud Service Providers) preferred.

Additional Information for Internal Applicants
Position will be posted through August 11, 2025
Payband: 50D
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $167,940/year to $272,990/year. Pay is based on several factors including but not limited to, market location and may vary depending on job-related knowledge, skills, and education/training and a candidate’s work experience. Hired applicants are offered annual short-term and/or long-term incentive compensation programs, subject to applicable eligibility requirements. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance. The company offers the following benefits for this position, subject to applicable eligibility requirements. Medical/prescription drug coverage, Dental coverage, Vision coverage, Flexible Spending Account, Health Savings Account, Dependent Care Flexible Spending Account, Basic and Supplemental Life Insurance & Accidental Death and Dismemberment, Disability Income Protection Plan, Employee Assistance Program, 401(k) retirement program, Vacation, Paid Holidays and Personal time, Paid Sick and Family and Medical Leave time as required by law, and Discounted Employee Stock Purchase Program.
Employee Type:
UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.