Governance, Awareness, And Product Security Manager

Neptune Technology Group Inc. is a technology company serving water utilities across North America. Since 1892, we have continually focused on the evolving needs of water utilities - revenue optimization, operational efficiencies, and improved customer service. With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers - so they can remain focused on the business of water. For additional information, please visit the company website at www.neptunetg.com.

Governance, Awareness, and Product Security Manager

Position Summary

Neptune is seeking a proactive leader to mature our governance program, drive product and application security initiatives, and champion security awareness across the organization. This role will lead a team of GRC Analysts, own policy and procedure development, oversee product security practices, and deliver engaging training and awareness campaigns. The ideal candidate will be passionate about embedding security into our culture and products, ensuring compliance, and empowering employees to be security advocates.

Key Responsibilities

Governance

• Develop, maintain, and enforce security policies, standards, and procedures
• Manage and mentor GRC Analyst resources
• Coordinate with parent company to ensure governance alignment.

Product & Application Security

• Collaborate with engineering and product teams to embed secure-by-design principles
• Oversee secure development lifecycle, including threat modeling and code reviews
• Integrate security tools for vulnerability management in applications
• Drive remediation of product security issues and coordinate with stakeholders
• Implement and manage Web Application Firewall (WAF) solutions to protect web applications

Training & Awareness

• Design and deliver engaging security awareness programs using platforms like KnowBe4
• Develop targeted training for technical and non-technical staff
• Measure and report on training effectiveness and employee engagement
• Lead and manage phishing simulation campaigns to strengthen employee awareness and response

Reporting & Metrics

• Deliver actionable metrics on policy adoption, product security posture, and awareness program effectiveness
• Report regularly to executive leadership and Neptune's parent company

Relevant Platforms (experience with several is expected)

• Application Security: e.g Snyk
• GRC & Policy Management: e.g OneTrust
• Security Awareness: e.g KnowBe4
• Other: Familiarity with cloud platforms (AWS, Azure, GCP), secure coding practices, and compliance frameworks

Minimum Qualifications

• Bachelor's degree (or international equivalent)
• 5+ years in information security, including 2+ years in GRC or product security roles
• Experience leading teams and managing security programs
• Strong understanding of security frameworks (NIST, ISO, SOC 2, etc.)
• Excellent communicator with experience in cross-functional coordination and executive reporting

Preferred Qualifications

• CISSP, CISM, or equivalent certification
• Experience with cloud security and secure software development

Travel Requirements

• Typically requires overnight travel less than 10% of the time.

Location

• Duluth, GA