Regional Information Security Risk and Compliance Manager
United States - Chicago Office
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim is to create robust IT architecture, to manage data effectively and efficiently, and continue to grow our world-class team. A team that is strategic, enabling business acceleration, growth, and success.
Our Cyber Security team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security, and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
The Regional Manager IT Security Risk & Compliance, reporting to the Global Senior Manager, IT Security Risk & Compliance will be responsible for:
IT Security Risk & Compliance:
IT Risk Assessment:
Identify and assess potential IT risks within the region.
Analyse data and trends to evaluate the impact of IT risks on the organisation.
IT Risk Mitigation:
Develop and implement IT risk mitigation strategies and action plans.
Collaborate with department heads to establish IT risk reduction measures.
Ensure that the organisation complies with relevant industry regulations and standards.
Monitor changes in regulations and adjust risk management strategies accordingly.
Prepare and present regular reports on regional risk exposure and mitigation efforts to senior management.
Provide insights and recommendations for risk reduction and improvement.
Training and Awareness:
Conduct training sessions and workshops for employees to increase risk awareness and promote risk management best practices.
Dawn Raid Response:
Participate in Dawn Raid Response Plan to address unannounced inspection.
Coordinate with Legal and other relevant teams during the incident.
Communicate risk-related information to key stakeholders, both internal and external, as necessary.
With experience in a similarly dynamic, international role and complex organisation, you’ll have a proven authoritative knowledge of leading an IT function in the global/region working as part of a global matrix managed team.
A highly self-motivated individual with positive mindset & can-do attitude, and a strong believer of “Security as an enabler” to support business growth.
An exceptional track-record of managing IT Security Risk and Compliance team, encompassing a range of responsibilities including operational IT security, consultancy, implementation, and compliance.
Demonstrable experience of developing strong partnerships across management teams within complex businesses, you'll possess the strength of character and conviction to make tough decisions when required.
Practical knowledge and experience specific to enterprise information security (IT Infrastructure, Networks, Applications, Security controls, etc.)
Strong hand-on knowledge of industry standard frameworks (ISO 27001, NIST, ITIL etc.), best practices (OWASP, CSA) and regulations (PCI DSS, GDPR, China Cyber Security Law, etc.)
Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
Ability to translate and distil complex technical information across all levels of the organisation as required for the audience.
Ability to effectively develop and manage all defined communication channels and relationship management with diverse and cross-functional stakeholder groups.
Ability to lead and manage a specialist based, high performing and multicultural team
Bachelor’s Degree in Information Technology, Computer Science, or a related field/science.
Considerable experience in the Information security/IT Governance, Risk and Compliance (GRC) area.
Industry security certifications such as CISA, CISSP, CRISC or ISO 27001 Lead Auditor.
Experience in implementing security controls, risk assessment framework, and program that align to regulatory requirements.
Deep domain knowledge, ideally enterprise experience and global exposure with strong understanding knowledge of cloud computing.
Familiar with GRC tools such as RSA Archer, OneTrust.
Cloud solution provider certification such as AWS Solutions Architect, or GCP certified would be a bonus.
Excellent relationship skills - the ability to build positive relationships with both technical and business personnel.
Excellent communication skills in written and oral presentation material.
Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Perks/benefits: Career development
More jobs like this
USA, MD, Annapolis Junction … USA, MD, Annapolis Junction (304 Sentinel Dr) … Full TimeSenior Senior-levelUSD 93K - 212K USD 93K+
Booz Allen Hamilton
5G Vulnerability Analyst, LeadBash C Clearance Computer Science DNS IT infrastructure +13
401(k) matching Career development Equity Flex hours Flex vacation +4
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open SOC Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Cybersecurity Consultant jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open o365 Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Staff Product Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior SOC Analyst jobs
- Open Cyber Security Specialist jobs
- Open Firewalls-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open Splunk-related jobs