GE Appliances, a Haier company Digital Technology Risk and Security Manager in Louisville, Kentucky
USA, Louisville, KY
Job Posting Title
Digital Technology Risk and Security Manager
The DT (Digital Technology) Risk and Security Manager is a crucial member of the Governance and Strategy team. This individual will provide direction and input to define, audit, and ensure compliance with our CIS (Center for Internet Security) policies, standards, and industry best practices.
The right candidate will rely on their passion and expertise for security, automation and continuous improvement; and will collaborate closely and frequently with Business Compliance leaders, Digital Technology (DT) leaders, Managed Service partners, Controllership Team, and DT Project leaders to maintain, improve, and keep safe the overall security posture at GE Appliances.
What you will Do
The DT Risk and Security Manager focuses on assisting in the continuous iteration and improvement of GEA’s security position by successfully adhering to maturity standards and refining practices and strategies. They will help shape the company’s approach towards improving on GE Appliances’ CIS (Center for Internet Security) Maturity score. Furthermore, they will establish and drive enterprise-wide management of metrics/reports/dashboards for auditing and ensuring compliance of both a Managed Service Provider’s and GE Appliances’ effectiveness/efficiency.
Conduct security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization to gauge our CIS maturity score
Provide continuous monitoring and validation that all security maturity activities are improving and, if not, apply a data-driven mindset to show where progress is not being made and make strategic recommendations on direction
Assist with the creation/continuous updating and monitoring of a security business risk registry
Map controls to compliance requirements like PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), GDPR (General Data Protection Regulation) and provide oversight that we are meeting the spirit/intent of these requirements
Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risk where applicable
Build strong relationships with technical teams across GEA’s functions (both IT professionals and business users) and influence their awareness of complying with the guidelines set forth in security policies, standards, and controls
Participate in application and infrastructure project reviews to provide security planning advice and strategic thinking
Liaise with the vendor management team to conduct security assessments of existing and prospective vendors (e.g., Third Party Security Reviews)
Liaise with the internal Controllership team to review and evaluate the design and operational effectiveness of security-related controls
Research and report on current trends in cyber-crime and cyber security.
Coordinate with the Privacy and Data Officers to confirm controls are in place ensuring sensitive data is adequately secure
Review security technologies, tools and services, and make recommendations to the broader security team for their use based on security, financial and operational metrics
Develop the strategy behind security tools and services to help improve our security position across an array of areas and provide the “checks and balances”/measurement criteria to confirm adherence to policies/standards
Mentor security architects and security practitioners to share best practices and insights to assist with professional growth and advancement
Understand existing processes and identify how to streamline them to improve efficiency and effectiveness.
What you need to Succeed
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Mathematics, Statistics or equivalent.
A minimum of 3-5 years relevant experience in IT.
Vulnerability and threat analysis experience.
Understanding of malware analysis and reverse engineering.
Understanding of network protocols, design and operations.
Understanding of the cyber security capabilities and threat landscape.
Understanding of network and computer forensics.
Understanding of cloud computing.
Strong information security background, with a minimum of 3-5 years hands-on experience.
Advanced knowledge in identity and access management, authentication, authorization, encryption, PKI, and security monitoring methodologies and technologies.
Experience with security architecture, threat modeling, secure application development, developing security controls architecture patterns, and creating strategies and roadmaps.
Demonstration of industry security awareness via training courses taken and/or certifications received (e.g., GCFA, GNFA, GCIH, GPEN, OSCP, etc.)
Working knowledge of regulations, standards and frameworks like PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), GDPR (General Data Protection Regulation), CIS (Center for Internet Security)
At ease excelling in a highly collaborative and fast-paced team environment
Master’s degree in Computer Science, Information Systems, Mathematics, Statistics or equivalent.
AWS Certified Solutions Architect – Professional.
CISSP, CISM, CISA, TOGAF, GIAC, or CIPT certifications OR equivalent security accreditation.
ICS/SCADA/PLC proficiency and experience with best practice implementation.
GE Appliances is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.