Governance Risk and Compliance Director

The Director of Governance Risk and Compliance will manage and lead the in three key Enterprise Risk & Resilience (ER&R) programs: awareness and training, IT compliance and Privacy compliance. These programs are enterprise level programs that ensure the company is compliant with global Cybersecurity laws and regulations.

To be successful in this role, the Director is skilled in current Cybersecurity management process and platforms with a strong understanding of the operations and related technologies that are used to maintain compliance. This role reports directly to the Sr. Director of GRC.

Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.

Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.

• Facilitate the adoption of the Cyber processes and technologies throughout the business units within the company
• Oversee and facilitate the Cyber risks framework and alignment of the Cyber risk framework with the enterprise risk management processes
• Provide management and facilitation of the Cyber training, awareness, and communication programs
• Provide management and facilitation of Cybersecurity and IT compliance program
• Provide management and facilitation of the privacy compliance program
• Provide management and facilitation of international privacy program

CAPABILITIES:

• Business Acumen and Partnering
• Business Partnering and Ideation
• Project Risk Assessment Consulting and Assurance
• Cyber Processes and technologies
• Cyber Policies, Standards, and Controls
• Training awareness and communication
• Risk and Compliance Metrics and Reporting
• Continuous Controls Monitoring
• Controls Testing and Compliance

This position will be based in Cleveland, OH or can be a remote position.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.

Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company's staff, employees, and business relationships.

Must be eighteen years or older

FORMAL EDUCATION:

Required:

Bachelor's Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)

Preferred: Master's degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis CISSP, CRISC, CISM, GSLC, CIPM

KNOWLEDGE & EXPERIENCE:

Required:

• 12+ years of IT/Cybersecurity experience
• 9+ years of leadership experience in managing global security programs and applying information security, risk management, compliance and privacy practices.
• 9+ years of leadership experience in Governance, Risk & Control, Audit, etc. preferably from a similar ecosystem.
• Proven experience interfacing with senior executives and business leader level and communicating complex cyber security concepts in business-relevant ways.
• 8+ years of experience working with privacy, security and/or financial laws (such as PCI-DSS, GLBA, FIPS, SOX, and data breach reporting laws), generally accepted cybersecurity principles, and accepted industry practice.
• 8+ years managing a team of direct reports.

Preferred:

• 10+ years working in the Manufacturing or Consumer Products industry.
• Experience working with Global Privacy and Cybersecurity laws and regulations.

TECHNICAL/SKILL REQUIREMENTS:

Required:

• Demonstrates industry leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
• Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
• Information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Experience in strategic planning, budgeting, and allocation.
• Clear and concise verbal and written communication.

Preferred:

• Business system continuity planning, auditing, and risk management related to information security.