Manager Information Security Governance/Risk/Compliance

Location: Modesto, CA, US, 95354

Date: Aug 6, 2025

Company: Gallo

Job Req ID: 106278 

Job Type: Full-time 

Work Category: Hybrid Telecommute 

Application Close Date: 08/22/2025 

Sponsorship: Not Available 

Compensation: $133,900 - $200,900

 


 

We are GALLO

We’re a family-owned company with a 90+ year legacy that’s consistently recognized as a Glassdoor “Best Places to Work.” We have 130+ brands in our total alcohol beverage portfolio, including wine, malt, spirits, and ready-to-drink beverages. We’re home to the #1 wine and spirits brands in the U.S. (Barefoot Wine and High Noon), and we are the official sponsors of the NFL, NHL, UFC, and PGA TOUR.

 


 

A Taste of What You'll Do

 Are you a seasoned professional in information security with a talent for governance, risk, and compliance? Join our team as a Manager of Information Security Governance, Risk, and Compliance, where you will drive consistent, repeatable results by aligning security initiatives with industry controls, organizing information and evidence, measuring outcomes, and ensuring our information assets are protected at appropriate levels to withstand threats. You will build strong partnerships across the company, influencing others to mature the program and minimize regulatory and compliance concerns. Your role will ensure that key cybersecurity risks are identified, assessed, communicated, managed to tolerance, and monitored.

 

As a Manager, you will lead a team responsible for building and deploying effective policies, processes, and controls across various technologies, systems, applications, and business operations. Your responsibilities include managing the analysis of detailed specifications and business requirements, and overseeing an information security team, including hiring, training, staff development, performance management, and annual reviews.

 

You will plan, prioritize, and manage resources to ensure compliance with ITGCs, PCI, GDPR, CCPA, and other applicable regulations. Collaborating with Internal Audit and outside consultants, you will ensure audit compliance and attestation. Reviewing and updating information security policies and standards, you will ensure continued effectiveness and compliance with relevant laws.

 

You will develop and communicate operational status reports, performance analysis, and ad hoc reporting requirements, and you will manage the Information Security Risk Assessment Program, project risk assessments, vendor security assessments, and new technology assessments. You will also oversee the Information Security Awareness Program and create data flows, data maps, and business process maps.

 

Your role involves assigning, monitoring, and reviewing the progress and accuracy of work, preparing project requests and purchase requisitions, and presenting activities and progress reports. Acting as a liaison with information systems staff and other departments, you will coordinate activities and ensure projects progress on schedule and within budget.

 

We value intrapreneurship and ownership behaviors, encouraging bold thinking, appropriate risk-taking, learning from mistakes, showing initiative, and driving innovation. Setting high expectations, engaging in candid discussions, and holding yourself and others accountable are key to our success.

 

If you are a proactive leader ready to make a significant impact, we invite you to apply. Join us in fostering a culture of excellence and continuous improvement. Apply today to become an integral part of our innovative team!

 

What You'll Need

  • Bachelor's degree plus 5 years of experience in information security, information systems, or system administration reflecting increasing levels of responsibility; OR High School diploma or State-issued equivalency certificate plus 9 years of experience in information security, information systems or system administration reflecting increasing levels of responsibility; OR Bachelor’s degree in Computer Science, MIS, Math, Engineering, or Business Administration plus 4 years of experience in information security, information systems, or system administration.
  • Required to travel to company offices, sites, and/or meeting locations for onboarding, training, meetings, and events for development, department needs, and business delivery up to 5% of the time, with or without reasonable accommodation. This may be in addition to travel requirements, if applicable, as listed in this job description.
  • Required to be 18 years or older. This may be in addition to other age requirements, if applicable, as listed in this job description.

 

How You'll Stand Out

  • Master’s degree.
  • Certified Information Systems Security Professional (CISSP) or equivalent Information security certification.
  • 7 years of experience managing a 24x7 support organization including staffing, service level management and L1 support for all facets of IT.
  • 5 years of experience managing out-sourced and cloud services vendors and associated contracts.
  • Demonstrates a passion for security and leads by example to foster continued growth and expertise within the team.
  • Authoritative knowledge of generally accepted security policies/frameworks and audit requirements, as well as extensive experience with related technologies to ensure compliance.
  • Proven experience successfully leading cybersecurity initiatives, specifically within Risk Management.
  • Experience reading, analyzing and interpreting common scientific and technical journals, financial reports and legal documents. Experience responding to common inquiries or complaints from customers, regulatory agencies or members of the business community.
  • Skilled at writing speeches and articles for publication that conform to prescribed style and format. Experience effectively presenting information to top management, public groups and boards of directors.
  • Computer skill requirements include basic MS Access; intermediate MS Word, Excel and PowerPoint.
  • Excellent communication skills to clearly communicate security recommendations and decisions, and to build and maintain security relationships across the enterprise.
  • Skilled in applying principles of logical or scientific thinking to a wide range of intellectual and practical problems.
  • Experience dealing with a variety of abstract and concrete variables.
  • Experience working with all levels and functions within the Company.
  • Skilled in resolving conflict as well as managing customer expectations.

 


 

Our Benefits & Perks

We are committed to providing competitive compensation, perks, and a culture that supports your well-being. Benefits depend on your work category and may include medical and dental coverage, 401k plans, profit sharing, pet insurance, company holidays, access to an employee wine shop, and more! Additional information will be provided before your first interview.

 

The Fine Print

  • The Company does not sponsor employment-based visas for this position now or in the future.
  • Actual compensation paid within the range will be determined by factors such as the education, experience, knowledge, skills and abilities of the applicant, internal equity, and alignment with market data. In addition to the salary, this position may be eligible for bonuses, incentive plans, or participate in tasting room tip pools, as applicable.
  • This position will be based in the location(s) specified in the job posting with an option for occasional telecommuting. You will be expected to live within a commutable distance. 
  • It is the Company’s policy for job postings to be open to internal candidates for a minimum of 5 days and to external candidates, if applicable, for a minimum of 3 days.

 

Gallo’s policy is to afford equal employment opportunities to all applicants and employees and not to discriminate on the basis of race, traits associated with race, including but not limited to, hair texture and protective hairstyles (such as braids, locks, and twists), color, national origin, ancestry, creed, religion, physical disability, mental disability, medical condition as defined by applicable state law (including cancer and predisposing genetic characteristics), genetic information, marital status, familial status, sex, gender, gender identity, gender expression, sexual orientation (actual or perceived), transgender status, sex stereotyping, pregnancy, childbirth or related medical conditions, reproductive health decision making, age, military or veteran status, domestic violence or sexual assault victim status, or any other basis protected by applicable law. Nor will Gallo discriminate based on a perception that an individual has any of the foregoing characteristics or is associated with a person who has, or is perceived to have, any of those characteristics.

 

Gallo will comply with state and local laws prohibiting discrimination for lawful out-of-work behavior, such as off-duty use of cannabis away from the workplace (subject to federal and state law exceptions), the existence of non-psychoactive cannabis metabolites in hair, blood, urine, or other bodily fluids as determined by a drug screening test (subject to federal and state law exceptions).

 

We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gallo is committed to providing reasonable accommodation for candidates with disabilities in our recruiting process. If you need any assistance or accommodation due to a disability, please let us know at 209.341.7000.

 

Gallo is enrolled in the Department of Homeland Security's E-Verify program and will use the program to verify the employment eligibility of all newly hired employees as required.

 
