Cybersecurity Strategy & Program Sr. Manager (HYBRID)

You may know McCormick as a leader in herbs, spices, seasonings, and condiments

• and we're only getting started. At McCormick, we're always looking for new people to bring their unique flavor to our team. McCormick employees
• all 14,000 of us across the world
• are what makes this company a great place to work.

We are looking to hire an Cybersecurity Strategy & Program Sr. Manager immediately in a Hybrid (50/50) capacity at our Global Headquarters in Hunt Valley, Maryland.

What We Bring To The Table:

The best people deserve the best rewards. In addition to the benefits you'd expect from a global leader (401k, health insurance, paid time off, etc.) we also offer:

• Competitive compensation
• Career growth opportunities
• Flexibility and Support for Diverse Life Stages and Choices
• Wellbeing programs including Position Overview The Cybersecurity Strategy & Program Sr.

Manager serves as the connective tissue between security leadership, technical teams, and the broader business, ensuring that security is embedded into every decision we make. We believe in proactive protection, transparent communication, and empowering every employee to be a guardian of our data and systems. The role is a critical component of the cybersecurity leadership team—turning vision into action. Orchestrates high-impact security initiatives, streamline governance processes, and ensures the security strategy is not only understood but embraced across the organization. The role directly influences how we protect our customers, our brand, and our future.

• Partner with the CISO to define, track, and communicate the company's cybersecurity strategy, priorities, and progress.
• Lead cross-functional security programs—such as enterprise risk & program assessments, compliance readiness, and data protection improvements.
• Develop and maintain executive-level dashboards, metrics, and reports that translate complex security metrics into clear business insights.
• Coordinate security governance forums, steering committees, and leadership briefings.
• Ensure alignment between security initiatives and business objectives, working closely with IT, EA, corporate security, strategic risk, legal, and cybersecurity teams.
• Provide decision-making support through analysis and recommendations and escalation of cyber risk decisions to appropriate committees.
• Manage stakeholder relationships, serving as a proxy or gatekeeper for the CISO, and synthesizing information for executive decisions.
• Drive continuous improvement in security processes, documentation, and communication.

Key Responsibilities Strategy Development Support:

Assists CISO in developing and implementing a comprehensive cybersecurity strategy that aligns business objectives and industry standards. Gains industry data and trends, business priority and strategy, stakeholder input and analysis of key data inputs to help CISO monitor and adjust cybersecurity strategy to changing trends while maintaining alignment to business strategy. Ensuring that the organization's strategies are clearly defined, operationally feasible, and aligned across teams Team Alignment to

Strategy:

Collaborating with other departments to ensure a cohesive approach to cybersecurity across the organization.

Cybersecurity Program Initiatives Oversight:

Supporting strategic business initiatives, from business plan development through successful execution. Holding PMs accountable for delivery. Provides reporting of status to CISO and Cybersecurity Governance Committees. This includes initiatives outside of CISO responsibility such as BCP, Physical Security, and IT projects that have cybersecurity impact (Tech Modernization). Overseeing special projects and managing cross-functional teams to anticipate risks through data analysis and planning.

Cybersecurity Governance Structure:

Manages agenda, membership, reporting, tracking of actions, presentation materials development, and facilitates meetings as necessary and escalation of cybersecurity risk decisions

Decision Support:

Providing decision-making support through analysis and recommendations and escalation of cyber risk decisions to appropriate committees. Managing stakeholder relationships, serving as a proxy or gatekeeper for the CISO, and synthesizing information for executive decisions.

Reports & Communication:

Research & develop content for communications needed by CISO for cybersecurity governance committees, audit committee and board reports, C-suite executives, and various stakeholders. Provides regular reporting on current security landscape, cyber trends, threats, and effectiveness of security program.

Metrics:

Oversees and executes the development, review, and regular stakeholder reporting of cybersecurity dashboards and metrics. Collaborates across cybersecurity team to assure metrics are appropriate and relevant. Provides reports to appropriate stakeholders including explanations for variations within reporting.

Program Maturity & Risk Assessments:

Facilitates External Program & Cybersecurity Risk Assessments at an enterprise level. Analyzes output from assessments, identifies gaps, works with stakeholders on prioritization and adjusts cybersecurity strategy and roadmaps accordingly to changing risks. Required Qualifications Bachelor's degree in computer science, information security, engineering, Business Management or related field Certifications such as Certified in Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or similar are strongly preferred 10-12 years of experience in cybersecurity program management, governance, risk, and compliance (GRC), or a related field. Experience conducting or facilitating assessment or audits, coordinating with auditors, and implementing audit recommendations. Broad and comprehensive knowledge of cybersecurity domains is required. Strong understanding of security frameworks (e.g., NIST

CSF, ISO 27001, CIS

Controls) and regulatory requirements (e.g., GDPR, HIPAA, SOX). Exceptional written & verbal communication skills—able to translate complex technical security concepts into business language for executives and stakeholders. Proven ability to manage multiple high-priority initiatives in a fast-paced environment. Experience with tools such as project management and collaboration tools, GRC platforms, and data visualization tools like Power BI or Tableau. A collaborative mindset with the ability to influence without direct authority. High ethical standards and a commitment to confidentiality and integrity. Ability to work effectively individually in a leadership role. Ability to work effectively with all levels of the organization #LI-NP2 McCormick & Company is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law. As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future.

Base Salary:

$121,900

• 219,410 Base salary compensation will be determined based on factors such as geographic location, skills, education, experience for this role, and/or internal equity of our current employees as part of any final offer.

This position is also eligible to participate in McCormick's Incentive Bonus (MIB) Plan. In addition to a competitive compensation package, permanent employees of McCormick are eligible for our extensive Total Rewards programs that include

• Comprehensive health plans covering medical, vision, dental, life and disability benefits
• Family-friendly benefits such as paid parental leave, fertility benefits, Employee Assistance Program, and caregiver support
• Retirement and investment programs including 401(k) and profit-sharing plans