Information Security Program Manager

CubeSmart

Malvern, PA Jul 1

Overview

CubeSmart is hiring a Program Manager of Information Security to join our Information Technology department at our Malvern, PA, headquarters location.  They will support CubeSmart’s security program initiatives and leverage automation and 3rd party relationships to ensure that security measures are in place to protect information, network infrastructure, and all IT-related systems.  In addition, this position will play a critical and hands-on role in all aspects of compliance and auditing requirements including PCI DSS (Payment Card Industry Data Security Standard) and Sarbanes-Oxley (SOX) audit requirements. This position involves gathering, maintaining, and auditing the necessary documentation and automation to ensure adherence to regulatory requirements. This role will collaborate with key functions including Information Technology, Operations, and Accounting to ensure that all security and compliance matters are handled as required.

Who we are:

At CubeSmart, we’re intentional about culture. You can experience it everywhere from our mission statement of “genuine care” to our “It’s What’s Inside That Counts” tagline to calling each other “teammates” rather than employees. This spirit fosters a fun and collaborative environment that has resulted in our rapid growth and being recognized amongst the top in our industry.

CubeSmart’s award-winning team is made up of people who genuinely care. Teammates care about our customers and the life events and/or business needs they are facing. Teammates are passionate, responsible and understanding. The CubeSmart team is made up of people who have a can-do attitude, are committed to their own success and the success of the company, and lead by example.

If this sounds like a team and culture that matches your personal values and motivations, we want to hear from you.

Responsibilities

Reporting to the Director of Information Security, this role will be responsible for the identification, reporting, and remediation of security and compliance gaps across all technology systems.

  • Execute and manage all security tools to ensure that information is protected and monitoring and tracking of all systems is in place and addressed as needed.
  • Implement technologies that monitor systems and proactively detect and prevent potential issues.
  • Leverage A.I. where available to drive efficiencies in both 3rd party tools and SaaS models.
  • Educate and train staff on security best practices and update program as needed.
  • Play a key role in ongoing audit requirements by providing evidence supporting privileged account management and system access controls across the organization.
  • Gather, maintain, and organize all required documentation for PCI DSS and SOX audits, ensuring accurate and up-to-date records.
  • Assist in the preparation for PCI and SOX audits by providing relevant documentation and evidence and addressing auditor requests. Ensure internal control testing for SOX and PCI DSS compliance is thoroughly documented and operating
  • Monitor compliance with PCI DSS and SOX requirements, reviewing policies, procedures, and documentation to ensure they meet current regulations.
  • Assess and ensure third-party vendors meet PCI DSS, SOX, and other relevant compliance requirements. Collaborate with procurement, legal, and risk management teams to mitigate vendor risks.
  • Support internal control testing efforts for SOX and PCI compliance, ensuring all security controls are operating effectively and are properly documented. Track and document compliance issues or deficiencies, following up on remediation efforts and coordinating with relevant teams to ensure timely resolution.
  • Ensure compliance with data protection and privacy laws (e.g., GDPR, CCPA) in collaboration with legal and data governance teams.
  • Generate and submit periodic compliance reports to management, detailing the organization’s compliance posture, outstanding issues, and the effectiveness of security controls.
  • Assist in creating training materials and conducting awareness sessions on PCI and SOX compliance requirements for relevant departments.
  • Coordinate and track the IT change management program, ensuring all changes to the production environments are properly documented and coordinated.

Qualifications

Education:

  • Bachelor's degree in Information Security, Information Technology, Accounting, or a related field.
  • Relevant security or audit certification (e.g., CISSP, CISA, CISM, CRISC) is required.

Experience:

  • Minimum of 5-8 years of experience in IT security, compliance, or audit roles, preferably with a focus on PCI DSS and SOX compliance.
  • Experience with control testing, risk assessments, and audit processes.
  • PCI Qualified Security Assessor or Internal Security Assessor experience is preferred.

Knowledge & Skills:

  • Strong understanding of PCI DSS and SOX compliance frameworks, IT General Controls (ITGCs), and security best practices.
  • Familiarity with regulatory compliance, risk management, and auditing methodologies.
  • Proficiency with compliance management tools, audit software, and reporting tools.
  • Knowledge of data privacy regulations (e.g., GDPR, CCPA) is a plus.
  • Strong communication, organizational, and leadership skills, with the ability to work independently and collaboratively across departments.

Soft Skills:

  • Excellent verbal and written communication skills, with the ability to clearly explain complex compliance requirements.
  • Strong organizational and time-management skills, with attention to detail.
  • Leadership abilities to influence cross-functional teams and drive compliance efforts.
  • Analytical mindset and problem-solving skills to address compliance gaps.
  • Ability to manage multiple priorities and work independently in a fast-paced environment.

Preferred Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)

Retirement & Stock Options Benefits

  • 401K
  • 401k with company contribution

PTO/Flexibility

  • Commitment to Work/Life Harmony
  • Paid Holidays
  • Paid Sick Days
  • PTO

Health & Wellness

  • Dental Insurance
  • FSA
  • Health Insurance
  • HSA
  • Life Insurance
  • Long Term Disability
  • Onsite Gym
  • Vision Insurance

Professional Development

  • Employee Recognition Programs
  • Tuition Reimbursement

Other

  • Hybrid Work Options

Perks & Discounts

  • On Site Gym/Fitness

Parental Benefits

  • Parental Leave

CubeSmart is one of the nation’s largest publicly traded self-storage companies. Our mission is to simplify the organizational and logistical challenges created by the many life events and business needs of our customers — through innovative solutions, unparalleled service and genuine care.

At CubeSmart, we believe in the power of our team to create meaningful customer experiences. That’s why we’re bringing our software development in-house, giving you the opportunity to work on projects that truly matter. You’ll have the chance to collaborate with other experienced professionals, learn new skills and make a real impact on the business. We’re building a technology platform to lead the industry through unique wholly owned and supported systems. Our team of innovative engineers works to scale our systems beyond the basics and transform our platforms for the next generation. We’re revolutionizing standard point of sale systems into a best-in-class customer management platform and creating excellence in application development, web development and software engineering to lead the competition.

How does CubeSmart provide innovative solutions to our customers?

At CubeSmart, we are redefining the customer experience and meeting the changing needs of our customers through innovative solutions.

● Leveraging Digital Platforms — replicate the in-person experience across all customer touch points.
● Omni-Channel Experience — a fully integrated experience where customers can seamlessly transition between various channels and platforms.
● Customer Preference — provide optionality to meet the customer in the way they wish to interact.
● Award Winning Customer Service — continue to provide industry-leading service both in-store and across all of our digital platforms.

Read about our innovations like our CubeSmart Mobile App, SmartRental online rental experience, SmartView Management Reporting App and more.

We are proud to have won awards like Achievers 50 Most Engaged Workplaces 3 times in a row and to have our CEO, Chris Marr, recognized as the 2022 CEO of the Year by the HR Department of the Year and HR Excellence awards!

Originally established in 2004, CubeSmart has driven innovation and has seen continuous growth year over year. We serve our customers who need us in ways they don’t expect. We make CubeSmart an extension of our customers’ homes by creating a consistent, stress-free and seamless omnichannel experience. Our goal is to deliver simple solutions, tailored to every customer’s needs.

At CubeSmart, we are focused on minimizing the impact we make on the environment. Self-storage remains an exceptionally low-impact business as it consumes less energy and water while emitting fewer greenhouse gases than other real estate property types.