 VP, GLOBAL SECURITY & CISO - USA, Wisconsin, United States

   
Job information
Posted by: Rockwell Automation 
Hiring entity type: Manufacturing 
Work authorization: Not Specified for United States
Position type: Direct Hire, Full-Time 
Compensation: ******
Benefits: See below
Relocation: Not specified 
Position functions: Computers - Other
Computers - Platforms
Computers - IT Management
 
Travel: Unspecified 
Accept candidates: from anywhere 
Languages: English - Fluent
 
Minimum education: See below 
Minimum years experience: See below 
Resumes accepted in: English
Cover letter: No cover letter requested
Job code: R21-7322 / Latpro-3806875 
Date posted: Jul-20-2021
State, Zip: Wisconsin, Zip not provided

Description

Location: United States of America (remote)

Job Description

Overview: The Rockwell Automation VP and Chief Information Security Officer (CISO) will be responsible for developing and executing a holistic cybersecurity strategy to ensure that Rockwell Automation and our Connected Enterprise Ecosystem - the company's infrastructure, products, and customers - is safe, secure, and resilient. That will involve collaborating with other security leaders and business leaders across the company, external security leaders from government and industry globally, and customers to identify and manage risks across our IT and manufacturing infrastructure, products and services, and supply chain while supporting and advancing the corporate strategic framework.

The CISO position requires a visionary thought leader, strategic thinker, and innovative problem solver, with sound understanding of the role of industrial automation in critical infrastructure and the importance of adapting to the ever-changing cyber threat environment, the complexity of software engineering in a modern, cloud-based development environment, and a working knowledge of cybersecurity technologies covering the corporate network, manufacturing, and the broader digital ecosystem. In addition to a strong foundational knowledge of cybersecurity and working knowledge of security technologies, the CISO should also possess outstanding leadership and team building strengths that generate optimum productivity with performance excellence from security staff, as well as internal and external partners.

Reporting Relationship: The VP and Chief Information Security Officer will report to the SVP and Chief Information Officer. The CISO will regularly interface with the SVP, Chief People and Legal Officer for security governance and risk management oversight.

Job location: Ideally the position will be located in Milwaukee, WI, but exceptional candidates can be based anywhere in the United States, with frequent travel to Milwaukee, WI.

Responsibilities:

Set the Strategy and Manage Risk

  • Leads a cross-functional team of Rockwell Automation's security leaders and experts from businesses and functions across the company, including but not limited to the Chief Product Security Officer and team, executives and members of teams providing security services to customers, and manufacturing, to develop and execute a holistic cybersecurity strategy to ensure that Rockwell Automation and our Connected Enterprise Ecosystem - the company's infrastructure, products, and customers - is safe, secure, and resilient. The strategy encompasses enterprise information security, product and services security, manufacturing security, supply chain security, third party security, and security related to mergers and acquisitions.

  • Works with the cross-functional, holistic security team to identify, track, and manage all security risks for the Company on an ongoing basis, including risk quantification and analysis, responses, future actions, and risk owners.  Works with business units to facilitate security risk identification, assessment, and risk management processes, and empowers them to own and accept risks or escalates according to a formal risk tolerance framework.

  • Tracks execution of the annual security strategy and reports progress to Rockwell Automation leadership, including the board of directors, using a formal framework like NIST CSF, ISO 27001, and IEC 62443.

  • Develops a zero-trust strategy and architecture for managing the security and privacy of all corporate assets and information.

Establish Governance and Build Knowledge

  • Facilitates a cybersecurity governance program, including creation of security policies, standards, and guidelines, and managing interactions with the Executive Security Council, which provides governance and oversight, and has decision-making authority for risk tolerance decisions on behalf of the Company.

  • Provides regular reporting on the status of the cybersecurity program to the enterprise risk management team, senior business leaders and the board of directors.

  • Works with the legal department and the sourcing office to ensure that appropriate security and privacy requirements are included in contracts.

  • Creates and executes a formal security communications and awareness program to continuously educate employees and contractors on security issues, and to provide appropriate communications and training to our extended network of partners including customers, distributors, supply chain and other service providers.

  • Maintains a network of security liaisons with all businesses and functions, to understand implications of policies and standards across the company, and to ensure consistent application of those policies and standards.

  • Leads the security ambassador program to mobilize employees in all locations.

Build the Network and Communicate the Vision

  • Builds and nurtures external networks consisting of customers, industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, best practices, lessons learned, incidents and cybersecurity risks.

  • Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that Rockwell Automation maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.

  • Collaborates with security leaders from Rockwell Automation customers on best practices for security in converged IT/OT (operational technology) environments, lessons learned, and other security issues.

Lead the Organization

  • Determines the cybersecurity approach and operating model in consultation with other security leaders - the Chief Product Security Officer, leaders of teams providing security services to customers, manufacturing - and other stakeholders.

  • Manages the budget for the Office of the CISO.

  • Manages the personnel in the Office of the CISO, including hiring, training / onboarding, staff development, performance management and annual performance reviews. The responsibilities of the Office of the CISO teams are detailed below in "Operate the Function", including security operations, vulnerability management, incident response, identity and access management, security awareness, security governance and risk management, threat intelligence, and security architecture.

Operate the Function

  • Creates a risk-based process for the assessment and mitigation of any security risk in the ecosystem consisting of supply chain partners, vendors, and any other third parties.

  • Participates in the mergers & acquisition process to assess, communicate, and provide recommendations regarding cybersecurity risks. Following the M&A process, works with the new acquisition / joint venture, the business that acquired it, IT, product security, manufacturing, and other stakeholders to ensure that cybersecurity risks are prioritized and addressed using a risk-based approach.

  • Works with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

  • Supports, enhances, and facilitates Rockwell Automation's digital transformation and focus on cloud by advising and monitoring security controls to support its advancement.

  • Collaborates and liaises with the chief privacy officer to ensure that data privacy requirements are understood and followed where applicable.

  • Defines and facilitates the processes for cybersecurity risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings or incidents.

  • Ensures that security is embedded in product development and services delivery processes by providing the appropriate security policies, practices, technologies, and guidelines.

  • Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.

  • Manages and contains cybersecurity incidents and events to protect corporate IT assets, manufacturing processes, intellectual property, customer data and environments, and the company's reputation.

  • Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.

  • Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.

  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas.

  • Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.

Requirements

A successful CISO candidate will have the expertise and skills described below.

Previous Experience:

  • 15+ years of experience in a combination of risk management, information security, cybersecurity, software engineering, industrial engineering, and IT jobs.

  • 5+ years' experience in a senior-level management role which includes proven ability to effectively influence senior level leaders. Demonstrated experience and success in senior leadership roles in risk management, cybersecurity, and converged IT / OT security.

  • Proven track record of managing a diverse and multi-faceted team.

  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.

  • Experience in industrial environments.

  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience.

Desired, but not required:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

  • Experience with contract and vendor negotiations

Technical and Business Experience

  • Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, China Cybersecurity Law, DOD Cybersecurity Maturity Model, and the Executive Order on Improving the Nation's Cybersecurity (May 2021).

  • Knowledge of common information security management frameworks, such as ISO 27001, NIST 800-53 and Cybersecurity Framework, and IEC 62443.

  • Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies

  • Up-to-date knowledge of methodologies and trends in both business and IT

Knowledge and Skills

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from plant operations, non-technical office workers, industrial engineering experts that work with our customers, software engineers developing our products, as well as corporate leadership including the board of directors.

  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.

  • Ability to lead and motivate the security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.

  • Excellent stakeholder management skills.

  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

  • Project management skills: financial/budget management, scheduling, and resource management.

  • A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.

Temperament

  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.

  • High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.

  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

  • Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.

  • Critical thinker, with strong problem-solving skills.

  • Strong problem-solving and trouble-shooting skills.

We are an Equal Opportunity Employer including disability and veterans.

If you are an individual with a disability and you need assistance or a reasonable accommodation during the application process, please contact our services team at +1 (see application details).


