Manager, Information Security Risk and Compliance
Racine, Wisconsin | Job ID 11966
The Manager, Information Security Risk and Compliance will lead risk identification, analysis, mitigation, compliance reporting and vendor assessment efforts to mitigate risk to SC Johnson. The manager interacts with IT, Governance, Manufacturing and other business stakeholders to understand information security risks across all technology platforms and business environments to manage risk to appropriate tolerances and ensure controls are in place to protect SCJ.
The Manager will instantiate, mature, and operationalize new concepts like quantitative risk management and gain organizational buy-in among stakeholders by applying business acumen.
The manager will work collaboratively across SCJ to support current and upcoming products, services, and initiatives to identify and manage risks to acceptable levels. The manager is expected to roll up their sleeves and dig into the technical challenges we face across our product and infrastructure, but also be able to step back and think strategically about the team, the strategy and potential risks to the company. This includes but is not limited to leveraging Security Risk and Compliance frameworks, assessment methodologies, and inherent and residual risk models to achieve the objectives of the company with a pragmatic approach.
Essential Duties and Responsibilities:
- Leads, develops and implements risk quantification tools, techniques or processes and recommends necessary changes to the security teams to ensure compliance with all applicable regulatory requirements and privacy laws.
- Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
- Responsible for cross-functional program management of the risk program, providing operational and tactical direction to diverse teams, engineers and architects, and ensuring appropriate security controls and compliance requirements are in place.
- Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.
- Develop and oversee information security risk and compliance management strategies that align with business goals and protect the confidentiality, integrity and availability of information assets.
- Responsible for the identification, analysis and assessment of information risk and compliance scenarios.
- Manages the work of the Information Security, Risk Management and Compliance (RC) team, who are responsible for analyzing and implementing Information Security and Risk and Compliance Management frameworks, policies, standards and best practices.
- Develop reporting capabilities to communicate the results of risk management program activities to management and stakeholders.
- Responsible for the education, implementation, and consultation of technology risk management practices with key stakeholder groups across the enterprise.
- Support the evaluation of risks and controls, particularly when evaluating the risk and control self-assessment results for high-risk systems and applications.
- Support and coordinate internal and external audits for the areas of Security Risk Management.
- Review risk and control self-assessment results and communicate key concerns and questions to the application/data owners.
- Collaborate and provide input to Client’s security teams in the areas of Risk Management and Compliance.
- Maintain Information Security Risk Management & Compliance data repositories.
- Oversee the Security Vendor Management Program to ensure third-party relationships are managed according to best practice.
Required Skills / Experience / Competencies:
- Bachelor’s degree in Computer Science, Information Systems Security or equivalent degree is required
- 5+ years of information technology leadership experience with security frameworks, including hands-on implementation of security controls, managing teams and compliance with security policies
- 10+ years of overall experience in the information security or compliance field, audit, or operational risk and managing an information security staff
- 3+ years of experience implementing frameworks and processes to drive a risk-based approach to information security, incorporating the use of frameworks (e.g. COBIT, NIST CSF, NIST SP 800-53 Rev 4, ISO 17799, ISO/IEC 27002, ITIL, etc.)
- 2+ years of experience conducting information security internal controls, vendor risk assessments, metrics, dashboards and risk reporting
Preferred Skills / Experience / Competencies:
- Advanced Degree is preferred
- CISSP Certification, CISM Certification, and/or CISA Certification
- Experience working on medium to large multidisciplinary, security/risk projects
- Experience interfacing with business leaders at various levels including middle and senior management
- Experience supporting security-based devices (firewalls, intrusion detection systems, port scanners, vulnerability scanners, sniffers, malware management systems, email filters, encryption technology and software)
- Experience supporting PCs, OS, and peripherals including server hardening
- Risk assessment experience with Shared Assessments Standard Information Gathering (SIG) questionnaire.
- Experience implementing Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS) and IoT (Internet of Things) emerging technologies
- Knowledge of/work experience with Cloud Technologies and security controls for IaaS, PaaS and SaaS service offerings
- Knowledge of/work experience with GDPR, HIPAA and/or healthcare and privacy concepts.
- Knowledge of/work experience with compliance activities relative to cybersecurity.
- Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures.
- Be a thought leader in Information Security Risk Management and align initiatives with business objectives of the company.
- Considerable writing proficiency, oral presentation, problem solving and decision-making skills.
- Excellent verbal and written communication skills, including executive-level presentations.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
SC Johnson & Son, Inc. is an equal employment opportunity and affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, marital status, pregnancy, sexual orientation, ancestry, genetic information, or any other characteristic protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.