Associate Manager, Information Security Risk and Compliance

About The Position

Requirements

• Bachelor’s degree in Computer Science or Information Management, or equivalent degree. Military experience considered in lieu of education requirement
• 5+ years’ experience in a Risk and Compliance or Enterprise Security role, or Management/ Administration of enterprise information technology systems
• 2+ Experience in cybersecurity as a practitioner or with exposure to various security frameworks (NIST, ISO, COBIT)
• Qualified candidates must be legally authorized to work in the United States without the need for current or future sponsorship for full-time employment.

Nice To Haves

• 2+ years experience complying to and/or enforcing Information Security requirements on an enterprise IT platform.
• Experience in building control frameworks and self-assessment testing.
• Some Automation knowledge to support continuous delivery and continuous integration.
• Familiarity with state, federal and international privacy laws.
• Ability to communicate IT Risks to business leaders and partners.
• Experience working with internal & external audit groups and IT control testing and experience with Project Management and leading teams.
• Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
• CRISC Certification desired.

Responsibilities

• Develop and provide oversight of information security assurance processes/controls to achieve Security Governance Committee (SGC) desired goals.
• Provide updates on roadmap and project execution and creating artifacts to enable monitoring and reporting, including risk assessments to SGC.
• Escalates Oversight Areas to GIS Governance for direction.
• Designs and executes controls to effectively remediate risk per the risk tolerances and in compliance with SC Johnson policies and standards.
• Lead the security risk exception process by working with internal customers (business and IT), reviewing security gaps and identifying remediation requirements.
• Effectively communicate and educate business on security gaps and risks as identified.
• Conduct security risk assessments as assigned.

Benefits

• SC Johnson’s total compensation packages are at or above industry levels.
• In addition to salary, total packages may include bonuses, long-term incentives, matching 401(k) contributions and profit sharing based on company profitability, job level and years of service.
• As a family company, we’re committed to providing benefits such as subsidized health care plans, maternity/paternity/adoption leave, flexible work arrangements, vacation purchase options, recreation and fitness centers, childcare, counseling services and more.