Skip Navigation
Job Search
Search

Director, Global Information Security (GIS) - Governance

Racine, Wisconsin Job ID 21532 Apply

S.C. Johnson & Son, Inc. established a Global Information Security (GIS) Governance function reporting to the Legal Department. The GIS Governance function supports the direction set by the Security Governance Council (SGC) for information security through security expertise, business process knowledge and risk management in collaboration with the Global Information Security and Global Physical Security teams.

The Director, GIS Governance leads the development and refresh of SCJ’s global information security strategy and policies. In light of this, the Director, GIS Governance must have a deep understanding of the company’s business and be an information technology and security thought leader and subject matter expert in order to effectively align SCJ’s information security strategy and policies with company objectives, promoting an effective balance between information security and business needs.

The Director, GIS Governance works with the SGC to categorize the company’s strategic, reputational, operational, financial, and compliance risk tolerances to guide SCJ's enterprise risk management approach to information security. To effectively do so, the Director, GIS Governance is responsible for establishing the context and direction around SCJ's risk management operations, including managing, identifying, evaluating, reporting, and overseeing the information security risks externally and internally to the SGC.

This role is also responsible for establishing sound oversight and direction over the GIS Governance function, focusing on data governance, security assurance, compliance, internal investigations, and potential conflicts of interests.

In addition, this role interacts with all levels of personnel, including frequent reporting and interaction with the Security Governance Council (comprised of the Chairman, the CFO, the COO, and other senior leaders). The role requires an ability to build partnerships, strategically influence others, and drive for results. The Director, GIS Governance works with executives, business functional heads and technical staff, to bring them together to provide input into initiatives involving Information Security aspects to reflect business and operational needs balanced with legal and regulatory requirements, and risks. This role needs to partner with business functional heads to develop effective and sustainable information security models based on business units or functional requirements and, compose strategic plans to mitigate information security risks related to their function and then monitor the progress of the plans.

Essential Duties and Responsibilities:

  • Development of Global Information Security Strategy: Collaborates with SGC and cross functional stakeholders to develop and align on an enterprise-wide information security strategy to effectively balance information security goals and business needs. Researches and evaluates different risk factors regarding business decisions and operations.
  • Development of Global Information Security Policies: Develops, implements, communicates, and maintains global information security policies, including governance, risk and compliance policies, processes, and procedures. Policies identify core security control capability gaps (Identify, Protect, Defend, Respond and/or Recover security capabilities) and requirements necessary to address information security risks at a high level to support information security strategy.
  • Oversight over Conflicts of Interest Areas: Leads the identification of material gaps in the information security program concerning potential conflicts of interest areas (e.g., privileged access management, administrative rights, segregation of duties, and least privilege) and other substantive areas directed by the SGC, and develops plans to address such gaps and achieve alignment with the information security program goals. Provides direction to technology functions to avoid conflict of interest gaps from materializing during technology deployment through policies, standards, and project steering committees.
  • Leading the GIS Governance Team:
    • Responsible for the enterprise risk management function, data governance, security assurance, compliance, internal investigations, high-risk review, and business continuity for Information Security.
    • Leads, directs, and has accountability for the performance and development of GIS Governance subordinate staff in Compliance, Data Governance, and Internal Investigations in accordance with corporate strategic direction.
    • Facilitates the development of annual goals and objectives for direct reports to support information security program progression.
    • Develops and coaches GIS Governance staff as improvement leaders within the team.
  • Leading Data Governance Efforts: Develops and manages an enterprise Data Governance program to achieve acceptable risk levels per SCJ’s risk tolerances as it relates to the processing and storage of information throughout its lifecycle. Advises the SGC on governance principles and the implementation of governance programs and risk management frameworks for data stewardship and information security. Develops close teamwork relationships with other functional leaders to create, standardize, and implement data stewardship and information security best practices across the enterprise to support proper data governance.
  • Leading Insider Threat Program: Establishes and oversees an Insider Threat Program to proactively manage potential incidents in a consistent and coordinated approach between Human Resources, Global Physical Security, Global Information Security and Legal functions. Ensure program aligns with company culture and policies. Manages the investigation, resolution, and reporting of information security incidents consistent with Insider Threat Program.
  • Building Information Security Assurance Model: Develops model for security assurance monitoring and reporting to achieve and maintain compliance with information security strategy and policies. Consults with the SGC on information security program’s achievement of goals.
  • GIS Governance Budget Management: Owns and manages the GIS Governance budget, goals, objectives, and roadmap.
  • Other:
    • Applies effective risk management techniques and offer proactive advice on possible issues.
    • Supports investigation, resolution, and reporting of external Cybersecurity incidents, which are managed by the Global Information Security team.
    • Oversees staff supporting the Legal Department in the collection, delivery, and presentation of electronic evidence regarding litigation for and against the company.
    • Oversees digital forensics activities and data-related investigations to support Human Resources, Legal, Investigatory Steering Committee, and other key stakeholders while maintaining appropriate chain of custody.
    • Supports the privacy program by providing guidance on data inventory and flows, data protection impact assessments, compliance direction for business processes and technology deployments, etc.

Required Skills / Experience / Competencies:

  • Bachelor’s degree in Information Technology, Computer Science or Engineering
  • 15+ years of experience in information security, risk management and/or related information technology functions.
  • 5+ years supervisory/management experience with Information Technology and Information Security functions including strategic plan development and budgets.

Preferred Skills / Experience / Competencies:

  • Advanced degree preferred.
  • Applicable certifications in the Information Security field (e.g., CISSP, CRISC, etc.).
  • Understanding of Enterprise Risk Management concepts and frameworks (e.g., COSO) to manage information security risk from a business perspective.
  • Senior level understanding of information security, including security and risk management frameworks, vulnerability and threat management, security operations, security organization, architecture, access control, and security incident management.
  • Broad background and experience leading and working with multiple IT and Information Security functions.
  • Demonstrated experience in negotiating and managing relationshipsto influence change in corporate understanding and adoption of information security concepts.
  • Demonstrated experience with managing people across multiple roles and functions with the ability to lead and motivate in accomplishing goals.
  • Awareness of the regulatory trends within the fast-moving consumer products and manufacturing industry that could drive changes in information security and data governance.
  • Background and experience with ITIL, SCJ business systems (e.g., SAP, Data warehouse, etc.), delivery methodologies (e.g., SDLC, Agile, Waterfall, etc.).
  • Experience in interpreting policies, procedures, and processes for ensuring compliance with risk management programs.
  • Familiarity with privacy regulation and concepts.
  • Exceptional organizational and interpersonal skills. Ability to work easily with diverse and dynamic teams including peers, senior executives in both IT and across business units, and internal/external business partners/clients.
  • Ability to exercise professional judgment and assume responsibility for decisions which have an impact on people, business strategic operations, employee productivity and business risk.
  • Superior written, presentation, and verbal communication skills to effectively explain complex security-related concepts and issues to non-technical and business audiences.  
  • Strong understanding of the SCJ business, how the organization works, what is key to SCJ’s success, and what our core values as a company.
  • Good diplomacy and collaboration skills in working with other executives at SCJ.
  • Global experience is an asset.
  • Qualified candidates must be legally authorized to work in the United States.
  • Ownership orientation to solving complex problems.
  • Must pass a detailed security background screening.
  • Remote work is available once a week for eligible employees.
  • Internal Candidates, Salaried Grade M

#Ll-JN1

Other duties, responsibilities and activities may change or be assigned at any time with or without notice as assigned by the Manager. The job description does not constitute a contract of employment and the position remains at-will.

Better Together

At SC Johnson, we strive to create a positive, inclusive and unique workplace. We strongly believe SCJ people are able to achieve their best when they can collaborate and work together in person.

Equal Opportunity Employer

The policy of the Company is to ensure equal opportunity for all qualified applicants and employees without regard to race, color, religion, gender, marital status, sexual orientation, national origin, ancestry, age, gender identity, gender expression, disability, citizenship, pregnancy, veteran status, membership in any active or reserve component of the U.S. or state military forces, genetic history or information or any other category protected by law.

Accommodation Requests

If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.

Apply

Sign Up For Job Alerts

Don't miss out - sign up for our email list.

Interested InSelect a job category from the list of options. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

  • Legal, Racine, Wisconsin, United StatesRemove
  • IT, Racine, Wisconsin, United StatesRemove
  • General Management, Racine, Wisconsin, United StatesRemove

By submitting your information, you acknowledge that you have read our privacy notice(this content opens in new window) and consent to receive email communication from SC Johnson regarding job alerts and other general career events, news and information from SC Johnson.