GE Appliances, a Haier company Senior Manager, Information Security Governance in Louisville, Kentucky
USA, Louisville, KY
Job Posting Title
Senior Manager, Information Security Governance
The Senior Manager, Information Security Governance is a crucial member of the Governance and Strategy team. This individual will manage the Information Security Governance team and security maturity program to ensure enterprise compliance with policies, standards and procedures in alignment with the CIS (Center for Internet Security) Top 20 Controls. The role will manage a global team (India and US) and will partner with a Managed Security Service Provider (MSSP) for operational tasks.
The right candidate will rely on their passion and expertise for security, automation and continuous improvement; and will collaborate closely and frequently with Business Compliance leaders, Digital Technology (DT) leaders, Managed Service partners, Controllership team, and DT project leaders to maintain and improve the overall security posture at GE Appliances.
What you will Do
The Senior Manager for Information Security Governance focuses on assisting and leading in the continuous iteration and improvement of GEA’s security position by adhering to maturity standards and refining practices and strategies. This individual will help shape the company’s approach towards improving GE Appliances’ CIS (Center for Internet Security) Maturity score. Furthermore, they will lead the security governance board and steering committee, report critical metrics and KPIs, and will hold the MSSP accountable to SLAs, policies and standards.
Lead security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization to gauge our CIS maturity score
Provide continuous monitoring and validation that all security maturity activities are improving and, if not, have a data-driven mindset to show where progress is not being made and make strategic recommendations on direction
Assist with the creation/continuous updating and monitoring of a security business risk registry
Map controls to compliance requirements like PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), GDPR (General Data Protection Regulation) and provide oversight to ensure compliance requirements are met
Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risk where applicable
Build strong relationships with technical teams across GEA’s functions (both IT professionals and business users) and enable their awareness of and compliance with guidelines set forth in Security policies, standards, and controls
Participate in application and infrastructure project reviews to provide security planning advice and strategic thinking
Liaise with the vendor management team to conduct security assessments of existing and prospective vendors (e.g., Third Party Security Reviews)
Liaise with the internal Controllership team to review and evaluate the design and operational effectiveness of security-related controls
Research and report on current trends in cyber-crime and cyber security.
Coordinate with the Privacy and Data Officers to confirm controls are in place ensuring sensitive data is adequately secure
Review security technologies, tools and services, and make recommendations to the broader security team for their use based on security, financial and operational metrics
Develop security tools and services strategy to help better improve our security position across an array of areas and provide the “checks and balances” and measurement criteria to confirm adherence to policies/standards
Coach and mentor security architects and security practitioners to share best practices and insights to assist with professional growth and advancement
Understand existing processes and identify how to improve and streamline them to improve efficiency and effectiveness.
What you need to Succeed
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Mathematics, Statistics or equivalent.
7+ years relevant experience in IT.
Vulnerability and threat analysis experience.
Working knowledge of regulations, standards and frameworks like PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), California Consumer Privacy Act (CCPA), CIS (Center for Internet Security)
Understanding of identity and access management, authentication, authorization, encryption, PKI, and security monitoring methodologies and technologies.
Understanding of malware analysis and reverse engineering.
Understanding of network protocols, design and operations.
Understanding of the cyber security capabilities and threat landscape.
Understanding of network and computer forensics.
Understanding of cloud computing
Understanding of security architecture, threat modeling, secure application development, developing security controls architecture patterns, and creating strategies and roadmaps.
Demonstration of industry security awareness via training courses taken and/or certifications received (e.g., GCFA, GNFA, GCIH, GPEN, OSCP, etc.)
3+ years of experience leading teams
Master’s degree in Computer Science, Information Systems, Mathematics, Statistics or equivalent.
AWS Certified Solutions Architect – Professional.
CISSP, CISM, CISA, TOGAF, GIAC, or CIPT certifications OR equivalent security accreditation.
ICS/SCADA/PLC proficiency and experience with best practice implementation.
Demonstrated leadership, working across a diverse environment of IT employees (onshore and offshore), consultants and vendors
Demonstrated ability to influence and build consensus with other IT teams and leadership
Ability to effectively manage priorities in a highly dynamic environment
Ability to drive change
Excellent business acumen and technical product knowledge
GE Appliances is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.