Manager, Global Information Security Risk
Racine, Wisconsin
Category: Information Technology Job ID: 27831SC JOHNSON IS A FIFTH-GENERATION FAMILY COMPANY BUILT ON THE SPIRIT OF OUR PEOPLE. We have been leading with purpose for over 130 years, building iconic brands that win the hearts and minds of consumers – such as Raid®, Glade®, Ziploc® and more, in virtually every country around the world. Together, we are creating a better future – for the planet, for future generations and for every SCJ team member. Join our winning team of Wave Makers and Go Getters and help us write the next chapter in the SCJ story.
Summary:
The Manager, Global Information Security Risk focus on driving alignment between security processes and business capabilities. The manager assists with reporting on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business. The manager interacts with IT, Governance, Manufacturing and other business stakeholders to understand information security risks across all technology platforms and business environments to manage risk to appropriate tolerances and ensure controls are in place to protect SCJ. The manager will work collaboratively across SCJ to support current and upcoming products, services and initiatives to identify and manage risks to acceptable levels. This includes but is not limited to elevating Security Risk and Compliance Frameworks, assessment methodologies, inherent risk, residual risk models to achieve the objectives of the company leveraging a pragmatic approach.
This is an onsite role in Racine, WI.
Essential Duties and Responsibilities:
Lead the creation and implementation of frameworks for conducting comprehensive business and technology risk assessments
Drive strategic initiatives to identify, evaluate, and mitigate risks, while mentoring team members to ensure effective risk management practices
Consults on active projects for items related to business and information security risk and how to address gaps through recommended risk response
Provide subject matter expertise of business and the associated risks, balancing approach to both protect and enable the business, bringing line of business specific security requirements back to risk team leadership
Analyzes, communicates, and enforces all security controls identified for our company’s information security compliance requirements
Performs risk management assessments, develop recommended risk response and communicate risk to leadership
Mentor and Coach Team Members and parties providing guidance and in developing their skills in risk management.
Required Skills / Experience / Competencies:
Bachelors degree or equivalent is required
5+ years of experience with risk management and/or security controls/frameworks
1-3 years of demonstrated experience building recommended risk responses to address security gaps without hindering the business
1-3 years demonstrated ability to apply data governance framework to effectively determine confidentiality level for company data
1-3 years of proven ability of possessing business acumen and experience interfacing with business leaders and various levels including middle and senior management
Legally authorized to work in the United States
Preferred Skills/ Experience:
5+ years of overall experience in the information security or compliance field, audit, or operational risk
3+ years of experience of working with/ implementing risk control frameworks and processes to drive a risk-based approach to information security (e.g. COBIT,NIST CSF,NIST 800 53 Rev 4, ISO 17799, ISO/IEC 27002, ITIL etc.)
2+ years of experience conducting information security internal controls assessments, vendor risk assessments, metrics, dashboards and risk reporting. In-depth understanding of security controls and how to apply them to business use cases
Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures
Experience building recommended risk responses to address security gaps without hindering the business
Ability to apply data governance framework to effectively determine confidentiality level for company data
Possess business acumen and experience interfacing with business leaders and various levels including middle and senior management
Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures
Certification pertaining to information security and data privacy protection (e.g., Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Manager (CISM), Certified Information Systems Security professional (CISSP), Certified Information Systems Auditor (CISA), etc)
Experience assessing risk of Industrial Controls Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS) and IOT (Internet of Things) emerging technologies
Knowledge of/work experiences with Cloud Technologies and security controls for IAAS, PAAS, SAS service offerings
Experience in data governance and internal audit
Knowledge of/work experience with GDPR, HIPAA and/or healthcare and privacy concepts
Understanding of technologies supporting security-based (firewalls, intrusion detection systems, vulnerability scanners, malware management, email filters, encryption technology, cloud security platforms, identity & access management, threat management)
Job Requirements:
Full time
Regular shift
This position is eligible for domestic relocation
BENEFITS AND PERKS:
SC Johnson’s total compensation packages are at or above industry levels. In addition to salary, total packages may include bonuses, long-term incentives, matching 401(k) contributions and profit sharing based on company profitability, job level and years of service. As a family company, we’re committed to providing benefits such as subsidized health care plans, maternity/paternity/adoption leave, flexible work arrangements, vacation purchase options, recreation and fitness centers, childcare, counseling services and more.
#LI-MHI
Inclusion & Diversity
We’re a global business, with people from every culture, ethnicity, race, religion, gender identity, sexual orientation, age and ability. We recognize the breadth of human experience, and we work to celebrate it. It is our goal to build a diverse, inclusive and supportive work environment where all people can thrive.
We’re committed to ongoing efforts that help us attract, hire, and retain diverse talent who want to build a positive, inclusive environment. Read more about our ongoing initiatives at https://jobs.scjohnson.com/inclusion.
Better Together
At SC Johnson, we strive to create a positive, inclusive and unique workplace. We strongly believe SCJ people are able to achieve their best when they can collaborate and work together in person.
Equal Opportunity Employer
The policy of the Company is to ensure equal opportunity for all qualified applicants and employees without regard to race, color, religion, gender, marital status, sexual orientation, national origin, ancestry, age, gender identity, gender expression, disability, citizenship, pregnancy, veteran status, membership in any active or reserve component of the U.S. or state military forces, genetic history or information or any other category protected by law.
Accommodation Requests
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.
Don't see what
you're looking for?
Click here to share your information with SCJ's Recruiters.