Associate Manager, Security Assurance (Legal)
Racine, Wisconsin
Job ID 20101
S.C. Johnson & Son, Inc. established a Global Information Security (GIS) Governance function reporting to the Legal department. The GIS Governance function manages the strategy and policies for the information security program, which define the goals to develop, mature and sustain an effective program. It also provides enterprise oversight for high-risk areas to ensure the program is managing information security risks per the company’s defined tolerances.
This position will ensure that the information security program is achieving our strategic goals and complying with company policies and standards by leading the development and implementation of a security assurance model for our information security program. The position will work directly with key stakeholders supporting the information security program in order to develop and maintain effective policies and contribute to goals based on the program’s strategy. The GIS Governance department partners with the Global Information Security (GIS) team from the IT organization in managing the information security program, so independent collaboration with the GIS team’s leadership will be an important aspect of the position.
Essential Duties and Responsibilities:
- Lead the management of the information security enterprise-level policies, identify important gaps, build compliance requirements and draft/revise policies as required to maintain an effective information security program.
- Oversee enterprise risks associated with a potential catastrophic impact, like highly confidential data, mission critical processes and insider threats.
- Provide input to senior leadership for goals of the information security strategy.
- Develop and maintain a pragmatic model for security assurance monitoring and reporting against the strategic plan, roadmap, policies and standards. Generate and/or approve report content to be presented to the senior leadership of the Security Governance Council.
- Drive the integration of threat management (e.g. scenario-based testing based on MITRE ATT&CK) and operational metrics into the security assurance model to provide a holistic and balanced assessment of the program.
- Manage engagements with external partners performing assessments of the information security program. Includes managing required commitments by internal resources to support the engagements.
- Consult with the leadership and key stakeholders on the achievement of the information security program’s goals.
- Provide direction to GIS in the development and sustainment of formal security standards, procedures and guidelines to achieve the goals of the information security program and supporting policies.
- Maintain expertise and knowledge of changes to national security standards (NIST) and industry best practices (ISO) to drive continuous improvements in the information security program, including supporting policies.
- Participate in reviews for regulatory requirements (e.g. HIPAA, PCI, GDPR, CCPA, etc.) to determine required changes to policies, standards, etc.
Required Skills / Experience / Competencies:
- Bachelor’s degree and 5+ years of professional experience in an information security related field.
- Understand information security standards (NIST) and industry best practices (ISO).
- Experience in information security governance, risk management, compliance, etc.
- Experience in policy development, deployment and training.
- Experience in performing security and compliance audits against policies and standards.
- Highly organized and able to manage work independently and effectively with shifting priorities.
- Excellent communication skills including verbal, written and presentation skills.
- Cultivate strong collaboration with the program’s stakeholders at varying leadership levels to achieve the goals of security assurance and the program’s strategy.
- Ability to identify breakdowns, perform the tasks required to resolve the issue in a pragmatic and timely manner, and follow-up as necessary to ensure a satisfactory resolution.
- Possess and exercise a strong sense of ethics and confidentiality.
- Ability to gather data and synthesize information, perform analysis, and demonstrate how the results may impact the organization.
- Undergraduate degree in Computing Science, Information Management, MIS or related.
- Qualified candidates must be legally authorized to work in the United States.
Preferred Skills / Experience / Competencies:
- Experience in information security threat management models, vendor risk management, infrastructure technology, security architecture, etc.
- Strong understanding of risk management frameworks (NIST, ISO, COSO, etc.)
- Expert knowledge in information security industry best practices and standards (NIST, ISO, COBIT, etc.)
- Certification in the Information Security area (e.g. CISSP, CRISC, CISM, etc.)
- Remote work is available once a week for eligible employees.
At SC Johnson, we strive to create a positive, inclusive and unique workplace. We strongly believe SCJ people are able to achieve their best when they can collaborate and work together in person.
Equal Opportunity Employer
The policy of the Company is to ensure equal opportunity for all qualified applicants and employees without regard to race, color, religion, gender, marital status, sexual orientation, national origin, ancestry, age, gender identity, gender expression, disability, citizenship, pregnancy, veteran status, membership in any active or reserve component of the U.S. or state military forces, genetic history or information or any other category protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.