Information Security Risk and Compliance Associate Manager
Racine, Wisconsin
Job ID 13103
The Information Security Risk and Compliance Associate Manager is a highly respected, influential and in-demand role within the business. You will be responsible for supporting the security direction of the business and elevating the company’s security posture. You will be expected to support the security strategy of the business within new and existing information system capabilities. The position requires an understanding of both legacy systems and new technologies, and is also responsible for the planning, design, and continuous improvement of security policies and maintenance.
In tandem with security leadership, you will assess and manage the company risk register and risk exception process. As a primary point of contact for the business and IT resources, you will analyze, quantify and track identified company risks that may lead to non-compliance or security threats to the business. You will also review and assist in documenting and tracking risk exception requests for approval by Information Security management. As a key member of the security team, you will focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
Essential Duties and Responsibilities:
- Understanding of security risk and compliance standards and working knowledge of documenting and tracking identified risks and risk exception requests.
- Assist in identifying strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Analyze findings, and document risk exception requests for approval by security leadership.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply security expertise across key lines of business, including products, practices and procedures.
- Assist in identifying new risks in ongoing projects and system implementations.
- Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
- Attend and fully engage in change and project management meetings.
- Partner with Information Security governance for continuous improvement of risk management processes and adherence to standards.
- Perform other duties as assigned.
Required Skills / Experience / Competencies:
- Bachelor’s degree in Computer Science or Information Management, or equivalent degree
- 5+ years of experience in a Risk and Compliance or Enterprise Security role, or Management or Administration of enterprise information technology systems
- 1+ year of experience in managing corporate risk registers and risk exceptions
Preferred Skills / Experience / Competencies:
- Experience in cybersecurity as a practitioner, with 2+ years of exposure to various security frameworks.
- Experience with cloud environments such as Microsoft Azure
- Experience with leading Risk and Compliance systems from vendors such as RSA, MetricStream and IBM.
- Some automation knowledge to support continuous delivery and continuous integration.
- Familiarity with state, federal and international privacy laws.
- Knowledge of IT and Security control frameworks (COBIT, NIST).
- Experience working with internal & external audit groups and IT control testing.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Solid vendor and partner management skills.
- Highly trustworthy; leads by example.
- CRISC Certification desired.
SC Johnson & Son, Inc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, marital status, pregnancy, sexual orientation, ancestry, genetic information, or any other characteristic protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.