Senior Manager - Erlanger, KY

Archer Daniels Midland-posted 3 days ago
Full-time • Senior
Erlanger, KY
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

We are looking for a highly accomplished Senior Manager of Technology and Cybersecurity Risk Management to lead our IT and cybersecurity risk management program as part of the Global Technology organization's governance, risk management, and compliance (GRC) function. In this senior role, you will be responsible for defining, implementing, and overseeing the risk management framework and strategies that protect our global enterprise, spanning traditional Information Technology (IT), critical Operational Technology (OT) environments, and cybersecurity. As a publicly-traded global manufacturing leader, our operations require a seasoned manager who can navigate complex landscapes and lead IT, OT, and cybersecurity risk management initiatives in alignment with our business and operational objectives. You will be a key leader and subject matter expert, responsible for driving a culture of cybersecurity and accountability. You will partner with a broad set of leaders and stakeholders to manage risks in an open, collaborative environment where new ideas and solutions are welcomed and rewarded. This role is instrumental to ensuring we maintain our operational integrity, protect our data and systems, and comply with all legal and regulatory obligations.

  • IT and Cyber Risk Management - Lead a team in developing and executing the company's global technology and cybersecurity risk management strategy for internally-developed and third-party technologies and services. Collaborate with leaders, staff, and other stakeholders to employ a GRC framework that is scalable, repeatable, measurable, and integrated into enterprise-wide risk management processes.
  • Third-Party IT Risk Management - Own the design and continuous improvement of the third-party IT risk management program, including risk assessments, integrating IT risk management into the vendor selection, contracting, and ongoing monitoring lifecycle, and conducting due diligence for critical/high-risk third- and Nth-party relationships.
  • Operational Technology (OT) Risk Management – Collaborate with OT and plant automation leadership on the design and implementation of the cybersecurity risk management strategy for OT. Orchestrate specialized risk assessments on OT infrastructure, identifying threats to system availability, integrity, and safety. Monitor critical risk metrics unique to the OT environment (e.g., legacy system exposure, remote access controls, segmentation status).
  • Risk Management Lifecycle - Manage risks through intake, analysis, response, and monitoring in collaboration with subject matter experts and risk owners. This includes risks originating from third-party relationships. Facilitate and document risk response decisions. Validate execution of mitigation plans. Oversee continuous monitoring of risk responses.
  • Risk Management Process Optimization - Execute, mature, and optimize technology and cybersecurity risk management processes, including risk identification, assessment, treatment/response, and reporting. Implement baseline automation and process improvements and iterate to improve risk management data and tooling.
  • Risk Register - Maintain a comprehensive risk register and ensure risk treatment/risk response plans have clear accountability and timelines, including reporting and escalations. Leverage the risk register to support risk informed decisions by clearly communicating tradeoffs. Develop strategies and action plans in areas where existing controls do not mitigate risk in alignment with risk appetite and risk tolerance. Accurately document, prioritize, and track third-party IT and cybersecurity risks.
  • Cybersecurity, IT, and OT Frameworks - Apply industry frameworks (e.g., COBIT, NIST Cybersecurity Framework (NIST CSF), NIST SP 800-37 Risk Management Framework, NIST 800-39 Managing Information Security Risk, NIST SP 800-82 Guide to Operational Technology Security) to develop decision-making and accountability structures for managing cybersecurity, IT, OT, and third-party IT risks.
  • Communication and Reporting - Oversee development and execution of a communication plan for the technology, cybersecurity, and third-party IT risk programs. Build mechanisms to report findings, metrics, and risk responses to business and technology leadership. Define and report on key performance indicators (KPIs) and key risk indicators (KRIs) for the GRC program. Prepare communications on findings, risks, and strategic recommendations for senior management, audit committees, and the Board.
  • Team Leadership - Coach a team of technology and cybersecurity risk analysts. Create an environment that encourages building technical risk analysis skills. Provide mentorship and guidance to team members.
  • Collaboration - Scale the risk framework across the organization. Foster a culture of agility, innovation, and cooperation with key stakeholders across IT, OT, Legal, Internal Audit, Compliance, ERM, Procurement, and global business units. Work with ERM to escalate risks to the enterprise risk register.
  • Additional duties as assigned.
  • Bachelor's degree in information technology, cybersecurity, business, or a related field. An MBA or advanced degree is preferred.
  • Minimum of 8-10 years of progressive experience in IT or cybersecurity governance, risk management, and compliance (GRC), with at least 5 years in a people leadership or management role.
  • Extensive experience within a global, publicly-traded company is essential.
  • Experience in traditional IT and manufacturing Operational Technology (OT) environments and the distinct security and risk management challenges they present.
  • Strong leadership and team management skills, with the ability to build and motivate high-performing teams.
  • Ability to navigate ambiguity and complexity while managing a queue of strategic and operational priorities.
  • Expert knowledge of regulations and frameworks, including SOX, SEC Cybersecurity Disclosure Rules, NIST CSF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-82, NIS2, and ISO 27001.
  • Professional certification such as CRISC, CGEIT, or CISA is required.
  • Exceptional strategic thinking, communication, and presentation skills, with a proven ability to influence and collaborate with executive-level stakeholders.
  • Willingness to travel internationally as needed.
  • In addition to competitive pay, we support your diverse needs with a comprehensive total rewards package to enhance your well-being, including:
  • Physical wellness – medical/Rx, dental, vision and on-site wellness center access or gym reimbursement (as applicable).
  • Financial wellness – flexible spending accounts, health savings account, 401(k) with matching contributions and cash balance plan, discounted employee stock purchasing program, life insurance, disability, workers’ compensation, legal assistance, identity theft protection.
  • Mental and social wellness – Employee Assistance Program (EAP), Employee Resource Groups (ERGs) and Colleague Giving Programs (ADM Cares).
  • Additional benefits include:
  • Paid time off including paid holidays.
  • Adoption assistance and paid maternity and parental leave.
  • Tuition assistance.
  • Company-sponsored training and development resources, such as LinkedIn Learning, language training and mentoring programs.
  • Benefits may vary for bargained locations, confirm benefit eligibility with your recruiter.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service