Security Assurance Manager
SC JOHNSON IS A FIFTH-GENERATION FAMILY COMPANY BUILT ON THE SPIRIT OF OUR PEOPLE. We have been leading with purpose for over 130 years, building iconic brands that win the hearts and minds of consumers – such as Raid®, Glade®, Ziploc® and more, in virtually every country around the world. Together, we are creating a better future – for the planet, for future generations and for every SCJ team member. Join our winning team of Wave Makers and Go Getters and help us write the next chapter in the SCJ story.
As the Security Assurance Manager, you will play a pivotal role in formulating and executing the organization's security strategy, spearheading the development and implementation of related policies, and ensuring a robust security posture. As a seasoned expert in security assurance, this individual will lead a cross-functional team focused on proactively identifying and addressing compliance issues, with particular emphasis on high-risk business areas and conflicts of interest. The role fortifies the organization's security posture by continuously staying abreast of emerging security threats, trends, and best practices, making it resilient and adaptable.
Provide oversight for the Global Information Security (GIS) team in evaluating, reviewing, and prioritizing enterprise-level risks, strategically planning security initiatives, projects, and objectives, and approving high-risk exceptions. Facilitate joint reviews of current information security policies, identify and prioritize crucial gaps, and collaborate on developing new policies.
Coordinating closely with the GIS team, the Security Assurance Manager takes charge of building a comprehensive security assurance program that aligns seamlessly with the organization's goals and objectives. This encompasses a coordinated effort to identify, assess, and ensure the closure of compliance issues, audit security controls, and monitor their performance. The role is instrumental in cultivating a culture of security and privacy throughout the organization, ensuring that employees understand and adhere to established policies and procedures.
Demonstrating exceptional leadership and decision-making skills, the Security Assurance Manager actively engages with key stakeholders across the organization, forging strong relationships with various security teams to develop and enforce security standards based on established policies. By building solid partnerships with business stakeholders, the role fosters the sharing of best practices, raises awareness of security risks, and guarantees a consistent approach to security across the organization. This individual is a trusted advisor, providing guidance and support on security-related matters to enable the organization to achieve its strategic goals while maintaining a strong security posture.
Essential Duties and Responsibilities:
- Establish and lead the strategy, direction, and objectives for the Security Assurance function, including the partnership with Global Information Security and Physical Security teams
- Provide oversight with the Global Information Security team on strategy, roadmaps, projects, security controls, and standards, and measure against established risk appetite and associated policies
- Lead and/or assist (if led by Internal Audit) compliance assessments and audits of security policies, procedures, and guidelines, to establish a current baseline, identify security control gaps, and develop a maturity roadmap
- Support the development of a metrics and reporting framework to measure the coverage, efficiency, and effectiveness of the Security Assurance programs, including our high-risk business areas, mission-critical processes, insider threats, etc., and increase the maturity of key processes and capabilities
- Communicate and ensure that security programs are in compliance with applicable laws, regulations, policies, and standards
- Monitor and respond to compliance alerts in real time using Azure Purview tools, investigate and triage events, and collaborate with cross-functional teams for resolution
- Drive effective teamwork, communication, collaboration, and commitment across multiple groups with multiple priorities
- Manage engagements with external partners performing assessments of the information security program
- Research, evaluate, and stay current on emerging security tools, trends, policies, best practices, techniques, and technologies
Required Skills / Experience / Competencies:
- Bachelor's degree in Computer Science, Engineering, or a related field
- 7 years in security engineering or similar roles delivering security solutions
- 5 years formulating, implementing, and providing training on security assurance and compliance policies
- 3 years demonstrating sound security decision-making abilities with a record of formulating and executing security strategies and plans that have effectively protected an organization's information assets
- Minimum of 3 years with at least one security framework such as NIST, ISO, or CIS
Preferred Skills / Experience / Competencies:
- Experience in demonstrating the ability to identify and resolve system breakdowns in a pragmatic and timely manner, as shown by successful resolutions of past system breakdowns
- Experience in policy development, deployment, and training, demonstrated by policies implemented and training conducted
- Minimum of 3 years of executive communication and influencing skills, verified by specific instances of executive collaboration in previous roles
- Relevant advanced certifications, such as CISSP, CISM, CEH, or OSCP
- Experience in cooperative work and management of relationships with various stakeholders, demonstrated by successful collaborations or partnerships
- Experience in fostering a culture of security and privacy across an organization
- Familiarity with industry-specific security regulations and compliance requirements
- Full time
- Remote work is available once a week for eligible employees
SC Johnson’s total compensation packages are at or above industry levels. In addition to salary, total packages may include bonuses, long-term incentives, matching 401(k) contributions and profit sharing based on company profitability, job level and years of service. As a family company, we’re committed to providing benefits such as subsidized health care plans, maternity/paternity/adoption leave, flexible work arrangements, vacation purchase options, recreation and fitness centers, childcare, counseling services and more.
At SC Johnson, we strive to create a positive, inclusive and unique workplace. We strongly believe SCJ people are able to achieve their best when they can collaborate and work together in person.
Equal Opportunity Employer
The policy of the Company is to ensure equal opportunity for all qualified applicants and employees without regard to race, color, religion, gender, marital status, sexual orientation, national origin, ancestry, age, gender identity, gender expression, disability, citizenship, pregnancy, veteran status, membership in any active or reserve component of the U.S. or state military forces, genetic history or information or any other category protected by law.
If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at 262-260-3343 or email your request to SCJHR@scj.com. All qualified applicants are encouraged to apply. Download the EEO is the Law poster for more information.