Director, Deputy Chief Information Security Officer

Whirlpool•Benton Harbor, MI

49d•Onsite

About The Position

Whirlpool Corporation (NYSE: WHR) is a leading home appliance company, in constant pursuit of improving life at home. As the only major U.S.-based manufacturer of kitchen and laundry appliances, the company is driving meaningful innovation to meet the evolving needs of consumers through its iconic brand portfolio, including Whirlpool, KitchenAid, JennAir, Maytag, Amana, Brastemp, Consul, and InSinkErator. In 2024, the company reported approximately $17 billion in annual sales - close to 90% of which were in the Americas - 44,000 employees, and 40 manufacturing and technology research centers. Additional information about the company can be found at WhirlpoolCorp.com. The Director, Deputy Chief Information Security Officer is a critical senior member of the Global Cybersecurity team. This position will function as the interface between the Vice President, Chief Information Security Officer (CISO) strategic and process-based activities and the work of the Security Engineering and Operations Team. The Deputy CISO must be able to translate the risk requirements and constraints of the business into operational requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. This position will coordinate the technical operation activities to implement and manage a security shared services model, and to provide regular status and service-level reporting to the CISO and peers. The Deputy CISO will represent security requirements during yearly planning initiatives to ensure security measures are incorporated into strategic plans and that service expectations are clearly defined. This position has direct management responsibility for the following Global Cybersecurity functional areas: Global Fusion Center, to include the Global Security Operations Center, Incident Response, Threat Surface Management and Threat Intelligence. Global Security Engineering and Architecture. This organization is responsible for the selection, deployment and management of the technology stack in support of the Cybersecurity services outlined by our shared services model. This includes the definition of standards, blueprints and reference architectures that govern the proper utilization of technical controls across the global footprint. Identity and Access Management Operations. This organization manages the lifecycle of all digital identities to include: provisioning/deprovisioning, Identity Governance, Access Reviews and Privileged Access Management.

Requirements

Bachelor's degree required, preferably in Computer Science, Information Systems or equivalent
10+ years of managing cybersecurity engineering and operations functions
A security certification to include: CISSP, CISM, CRISC, CCISO and other technical certifications

Nice To Haves

MBA or Master's degree in a management, scientific, technical, or engineering field
Significant work experience with different regions/business units on risk management and leading information security initiatives
Knowledge of information security management frameworks (example: ISO 27001/NIST CSF)
Demonstrated ability to foster a collaborative culture within a team to ensure goals are met and projects are delivered successfully
Proven experience building strategic relationships and influencing senior leadership to achieve business goals
Strong track record of mentoring and developing team members, as well as managing and leading a diverse workforce with highly matrixed resources

Responsibilities

Manage teams, first line, and senior managers to delegate responsibilities as appropriate
Drive strategy and business planning across the Fusion Center, Engineering/Architecture and IAM Ops functions
Provide leadership to foster the culture required to deliver plans and projects, while encouraging innovative thinking, agility and prudent risk taking
Actively influence application of industry trends; recognizing opportunities for transformation and embraces the role of Thought Leader within the industry
Negotiate internal and external priorities, understanding interdependencies of business strategies and plans across the Enterprise
Proactively build strategic relationships with senior leadership and influences strategic decision making
Champion a risk-management culture that considers the application of security controls commensurate to the risk appetite of the organization
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment
Drive and oversees effective staffing strategy, and processes in talent performance management and career development for the department
Formally mentor other team members in career development
Manage security incidents and participates/leads in problem and change management forums
Work with the CISO and business stakeholders to define metrics and develop reporting strategies that effectively communicate successes and progress of the security engineering operations programs
Manage all activities related to technical stack engineering, roadmapping, and the definition of strategies, standards, blueprints and reference architectures for end-point, data, network, cloud, application and IAM technologies
Manage and coordinates all components of incident management, including detection, response and reporting
Manage all activities of threat and vulnerability management and recommends treatment plans and communicate information about residual risk
Coordinate all aspects of Crisis Management as part of Cyber Incident Response protocols, to include a consistent process to educate employees, respond to incidents, interface with law enforcement and external service providers
Manage all operational activities related to IAM Operations to include leading multiple vendor security teams that support the IAM organization globally for projects and day to day activities on identity management, access provisioning & deprovisioning, privileged access recertification across all Whirlpool's IT platforms, systems and applications
Respond to requests from auditors during the assessment of audit controls
Create and manage plans for measuring security improvements and ensuring appropriate goals are established/tracked
Lead projects leveraging global teams with highly matrixed resources

Benefits

Generous benefits package
Whirlpool employee discount
fitness & educational reimbursement programs
kitchenettes
Beautiful, recently renovated office space
free coffee
biking/walking trails
access to The Eddy - Early Childhood Center (depending upon availability - additional costs required)
Always On Flexibility - You will have the autonomy to manage personal, family, and outside-of-work commitments as needed.
Two-Week Work from Anywhere - Minimum of one-week increments for a total of two weeks per year.
Sabbatical - Four weeks paid leave after every five years of service.