Information about #32226 Cybersecurity Program Manager
Work Location: This role can work remotely from anywhere in the continental US, provided that Eastern standard time core business hours are maintained.
Formulated to Care
For more than 75 years, GOJO, Makers of PURELL, has been powered by people who are energized by helping the world experience greater health and well-being. The positive impact of our PURELL hand and surface hygiene solutions is driven by our global community of highly collaborative and talented team members who love to learn, innovate, care for each other, and deliver our Purpose of Saving Lives and Making Life Better.
Role Objective
This is a working manager role. Ensures the organization meets our cybersecurity standards and objectives: this involves setting security requirements and baselines, evaluating design proposals and working with other technical leads (internal and external) to mitigate risk. In addition, it includes operational, program management, project management, and people management duties.
Essential Functions and Responsibilities
- Oversee and take an active role in security activities such as access control, incident management, incident response, forensics, threat hunting, and reporting
- Support the development, implementation, monitoring, and communication of the cybersecurity program and related activities
- Work with key stakeholders across the organization to ensure that the cybersecurity program aligns with business objectives, mission, and values by developing comprehensive strategies and tactics
- Design, develop, and test cybersecurity features as microservices and cross-platform shareable components with high-quality design
- Design, implement, and maintain cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures
- Translate technical cybersecurity requirements into clear, actionable policies that employees can understand and follow
- Develop an enterprise cybersecurity training program
- Monitor and audit compliance of cybersecurity policies to identify gaps
- Review existing cybersecurity policies post security incidents to identify improvements
- Manage multi-functional team coordination, opportunity screening, benefit/cost analysis, vendor selection, schedule and budget oversight, management of consultants/contractors, issue resolution, training, and reporting
- Coordinate with internal and external legal, contracting, procurement, finance, and communications departments to ensure successful project rollout and streamline communications
- Present cybersecurity program status reports to IT senior management
- Perform review and validation of all deliverables for SOC, Incident Response (IR), Threat Intelligence, Threat Hunting, and other customer-assigned activities
- Provide metrics and artifacts supporting audit activities
- Perform cybersecurity activities, operations management, and project management
- Ensure project-defined deliverables are provided on time and have been quality reviewed (e.g., SOPs, Configuration Guides, Training Documentation, Project Schedules)
- Provide knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures
- Develop and update the cybersecurity policy for the organization's cloud computing environment
- Work with external stakeholders to understand operational needs and develop effective processes
- Maintain current understanding of industry trends, emerging cyber threats, and new solutions which may impact the environment
- Cultivate competencies in team members and self for enterprise and individual benefit
- Train, develop and coach direct reports
Education and Experience
- BS or MA in computer science, information security, cybersecurity or a related field preferred
- Minimum seven (7)+ years' experience in a cybersecurity, IT audit or enterprise risk management (ERM) role
- Minimum five (5) years' experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800)
- Experiences required:
  - Program and project management
  - Cybersecurity strategy planning
  - Identifying and assessing risks to the organization's business
  - Crafting and executing Information Security initiatives, including capturing and redefining Requirements into impactful work items
  - Driving cross-functional initiatives according to plan and timelines
  - Cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems
  - Cybersecurity frameworks and standards (such as the NIST Cybersecurity Framework and ISO/IEC 27001)
- Preferred Experience: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
Supervision/Coordination
- Provide feedback to direct reports and project teams as necessary
- Provide mentoring and coaching as applicable
- Coordinate tasks, schedules, and projects, and promote, adhere to, and enforce policies and procedures
- Leverage relationships with external suppliers and service providers
Travel Requirements
Overnight Travel - sporadic - required.
To Apply
To apply for this position, please complete the online application process. You will have an opportunity to include your resume and a cover letter.
GOJO is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or status as an individual with a disability. Applicants must be lawfully authorized to work in the United States.
Recruiters, Search Agencies or others referring candidates to GOJO Industries, Inc. without written authorization from GOJO Industries, Inc. Human Resources will not be compensated in any way for their online referral even if GOJO Industries, Inc. hires the candidate. GOJO does not seek or respond to unsolicited resumes for positions that are not listed in the Careers section.