Associate Manager, Information Security Risk and ComplianceRacine, Wisconsin Job ID 17729 Apply
The Associate Manager, Information Security Risk and Compliance is a highly respected, influential and in-demand role within the business. The position is responsible for assessing risk to the organization, supporting the security direction of the business and elevating the company’s security posture. The Risk and Compliance Associate Manager is expected to support the security strategy of the business within new and existing information system capabilities.
In tandem with security leadership, Associate Manager, Information Security Risk and Compliance will assess security practices of company vendors and propose mitigating controls (where appropriate) as well as residual risk. This individual will work directly with business users to complete the assessments and ensure compliance with the information security risk policy. As a key member of the security team, the Risk and Compliance Associate Manager must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
Essential Duties and Responsibilities:
- Conduct enterprise-wide, ongoing risk assessments in tandem with compliance and security.
- Identify strengths and weaknesses in the security program of vendors as they relate to privacy, security, business resiliency and compliance frameworks.
- Identify and document of security improvement that balance risk with business operations and comply with SC Johnson standards.
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply security expertise across key lines of business, including products, practices and procedures.
- Introduce automation and efficiencies to the current risk assessment process to optimize processing cycles while producing a quality product.
- Perform continuous improvements of the assessment process to ensure new security requirements are included in questionnaires for analysis.
- Perform other duties as assigned.
Required Skills / Experience / Competencies:
- Bachelor’s degree in Computer Science or Information Management, or equivalent degree
- 5+ years’ experience in a Risk and Compliance or Enterprise Security role, or Management or Administration of enterprise information technology systems
- Experience complying to and/or enforcing Information Security requirements on an enterprise IT platform
Preferred Skills / Experience / Competencies:
- Excellent written and verbal communication skills with solid teamwork, customer focused and interpersonal skills.
- Experience in cybersecurity risk assessments as a practitioner and with at least 2 to 3+ years exposure with various security frameworks.
- Project management experience
- Experience with cloud environments such as Microsoft Azure
- Experience with leading Risk and Compliance systems from vendors such as RSA, MetricStream and IBM.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position assessments to reduce the risk to the organization.
- Some Automation knowledge to support continuous delivery and continuous integration.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Solid vendor and partner management skills.
- Highly trustworthy; leads by example.
At SC Johnson, we strive to create a positive, inclusive and unique workplace. We strongly believe SCJ people are able to achieve their best when they can collaborate and work together in person.
The policy of the Company is to ensure equal opportunity for all qualified applicants and employees without regard to race, color, religion, gender, marital status, sexual orientation, national origin, ancestry, age, gender identity, gender expression, disability, citizenship, pregnancy, veteran status, membership in any active or reserve component of the U.S. or state military forces, genetic history or information or any other category protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.