This role works with business units, internal functions and third-parties to co-manage development and deployment of information security controls which act as the foundation for Rockwell Automation’s information security governance framework.
This role leads creation, deployment and maintenance of relevant information security policies and procedures in conjunction with our IT organization.
The role provides subject matter guidance to manage risks related to the use, storage, and transmission of information and the related systems and processes used to manage critical information. Management of issues and underlying processes related to the firm’s Enterprise Risk Management (ERM) program will also fall to this role.
As legal and regulatory compliance drivers grow in importance, this role manages the impact of current and future security-related compliance issues globally.
Information Security Governance and Risk
- Identify and implement the appropriate policy-based controls to manage information risks across the enterprise
- Conduct research, write and deploy policies and standards related to information security governance in conjunction with the business units, IT, functions and third-party entities
- Communicate key cyber-security control policies and standards with Legal, Compliance, Human Resources, business units and security liaisons
- Encourage employees to move beyond compliance and toward adopting a security and risk “mindset” to make said issue part of their everyday workflow
- Provide guidance and support to management on all policy and standards issues related to information security
- Ensure employees and third parties understand and fulfill applicable information security policies and standard requirements
- Liaison and maintain a strong working relationship with related internal functions such as IT Security, Risk Management (ERM), Compliance and Internal Audit
- Provide consultative advice to information securityinternal customers enabling them to make risk management decisions related to current and emerging global security regulations and laws
- Benchmark the risk management practices of other companies in an effort to maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to Rockwell Automation’s established information security policies, procedures and practices
- Follow up on deficiencies identified in reviews, self-assessments, automated assessments, and audits to ensure appropriate remediation plans have been developed and corrective measures have been taken and documented
- Monitor and report on compliance with security policies, as well as the enforcement of policies across the enterprise
- Deploy, manage, and maintain a formal information securityrisk register and the corresponding or associated software
- Provide support and guidance for legal and regulatory compliance efforts, including audit related support as needed
- Direct risk evaluation and compliance management processes as assigned
- Conducts third-party audits as required in order to maintain certifications and compliance certificates
- Serve as an active and consistent participant in the information security governance process via formal and informal councils and or working groups
- Ability to work with various data classification management schemes and the related technical solutions to manage data based on their classification
- Work with the G&IS Group, IT Security, business and functional stakeholders to define metrics and reporting strategies that effectively communicate the success and progress of security programs under management
- Construct and maintain a metrics dashboard containing core program metrics and KPIs
- BS in Information Security, Computer Science, Engineering or a related field
- 8+ years of experience in an IT Audit or Enterprise Risk Management (ERM) role
- 8+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO27, COBIT, NIST, etc.)
- Legal authorization to work in the US is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening.
- An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Ability to form complex communications / messages in a simple, clear and concise manner to the various communities within our company. This can include different cultures, nationalities, international locations and languages.
- An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication
- Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including business/functional security liaisons and IT-business personnel
- Excellent written English, with proven ability to research and write clear policy documents and reports for a wide range of audiences
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business and functions
- Excellent interpersonal skills with a high level of diplomacy and political awareness
- Sound working knowledge of Microsoft-based software packages, including Word, Excel, PowerPoint, Visio and Outlook
- High degree of initiative, dependability and ability to work with little supervision