Associate Manager, Information Security Risk and Compliance
Racine, Wisconsin
Job ID 12466
The Associate Manager, Information Security Risk and Compliance is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company’s security posture. The Risk and Compliance Associate Manager is expected to support the security strategy of the business within new and existing information system capabilities. The position requires an understanding of both legacy systems and new technologies, and is also responsible for the planning, design, and continuous improvement of security policies and maintenance.
In tandem with security leadership, Associate Manager, Information Security Risk and Compliance assesses and validates the assurance of the security programs. As a primary point of contact for internal and external auditors, the Risk and Compliance Associate Manager monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the Risk and Compliance Associate Manager must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
Essential Duties and Responsibilities:
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Analyze findings, and document, recommend and report program gaps to security leadership.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply security expertise across key lines of business, including products, practices and procedures.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
- Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
- Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
- Attend and fully engage in change and project management meetings.
- Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.
- Perform other duties as assigned.
Required Skills / Experience / Competencies:
- Bachelor’s degree in Computer Science or Information Management, or equivalent degree
- 5+ years’ experience in a Risk and Compliance or Enterprise Security role, or Management or Administration of enterprise information technology systems
- Experience complying with and/or enforcing Information Security requirements on an enterprise IT platform
Preferred Skills / Experience / Competencies:
- Knowledge of IT and Security control frameworks (COBIT, NIST).
- Experience with leading Risk and Compliance systems from vendors such as RSA, MetricStream and IBM.
- Experience in cybersecurity as a practitioner, with at least 2 years' exposure to various security frameworks.
- Experience with cloud environments such as Microsoft Azure
- Some Automation knowledge to support continuous delivery and continuous integration.
- Familiarity with state, federal and international privacy laws.
- Ability to communicate IT Risks to business leaders and partners.
- Experience working with internal & external audit groups and IT control testing.
- CRISC Certification desired.
- Excellent written and verbal communication skills, with solid teamwork, customer-focused and interpersonal skills.
- Experience with Project Management and leading teams.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Solid vendor and partner management skills.
- Highly trustworthy; leads by example.
SC Johnson & Son, Inc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, marital status, pregnancy, sexual orientation, ancestry, genetic information, or any other characteristic protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.