Director - IT Security (Risk & Compliance)

Wesco offers a best-in-class product and services portfolio of Electrical and Electronic Solutions, Communications and Security Solutions, and Utility and Broadband Solution. The company employs over 18,000 people, maintains relationships with over 30,000 suppliers, and serves more than 150,000 customers worldwide.

This role is part of the Enterprise Cybersecurity Team at Wesco, a fortune 200 company. Our mission is to identify, prioritize and appropriately remediate risks to enable the company to achieve its strategic objectives. We value people who are self-motivated, collaborative, out-of-the-box thinkers, and innovators at Wesco. We constantly seek new and better ways of doing things. We need highly motivated individuals who have positive attitudes and want to be part of building something special.

We are currently seeking a Cybersecurity Director that will have overall responsibility for the Segregation of Duties Center of Excellence within our cybersecurity practice. This leader will develop the strategy, people, processes, and technology requirements to create a best in class Segregation of Duties and Compliance program at Wesco. This leader will then be responsible for architecting, implementing and managing all aspects of the program. This person needs to be an industry expert in Segregation of Duties risk, controls frameworks and SoD methodologies as well as be able to implement best practices required to appropriately manage these risks. The leader will need to work closely with Wesco’s Operations, Digital Product and Platforms, Technology Support Services, and Information Technologies teams to understand requirements, internal processes, potential opportunities, and significant pain-points. This role will require excellent collaboration, communication, complex problem solving, negotiation, and self direction skills to be successful. 

Responsibilities:

• Build and lead a global Segregation of Duties Center of Excellence to define governance, policies, and best practices.
• Develop a roadmap to include resourcing requirements, procedures, technology enablement, and budget that would align to the Segregation of Duties Center of Excellence strategy and meet the various stakeholder requirements.
• Builds and manages high performing multi-disciplinary team that will involve a mix of internal and external resources necessary to meet the goals and objectives of the program
• Develop and maintain scalable SoD risk and control frameworks tailored to various application architectures.
• Define and oversee role-level and fine-grained SoD analysis methodologies that reflect system-specific capabilities and limitations.
• Maintain the enterprise SoD framework across systems, including access control frameworks, mitigation strategies, and escalation protocols.
• Collaborate with IT, Global Process Owners, and Compliance Teams to design roles and access structures that align with SoD principles and minimize risk.
• Analyze the impacts of new application and security role designs on user and SoD governance processes, including downstream effects on ruleset maintenance and compliance.
• Understand security role architectures across multiple ERP and legacy systems to ensure effective development of rulesets.
• Regularly review and update SoD policies and frameworks based on emerging risks, regulatory changes, and industry best practices.
• Based on resourcing plan, develop detailed role descriptions and requirements to implement, support and continuously improve all aspects of the program
• Develop key performance indicators to manage the overall health and direction of the program
• Develop and deliver presentations to senior leadership on the current state of the program and plans for future improvements

Qualifications:

• Bachelors Degree or related required. Master's degree preferred.
• 10 years required, 15 years preferred of significant developing and implementing cyber security practices.
• 10 years required, 15 years preferred of working with vendors to assess, procure, and implement solutions.
• 10 years required, 15 years preferred of senior level experience, including advising, influencing, and developing solution architectures in global organizations with complex IS environments.
• 10 years required, 15 years preferred of instituting new policies and procedures in large organizations.
• Highly technically competent with ability to assimilate new technologies and identify where they can be applied to strategies, processes, and organization to support business objectives
• Robust in enforcing architecture disciplines and standards and persuasive in pushing forward new and innovative technologies and methods
• Ability to articulate complex solutions concisely and with clarity at senior management level
• Ability to identify, prioritize, and weigh different options and recommend a constructive solution
• Strong and effective communication skills and relationship building skills
• Strong analytical skills with an ability to map business vision to strategy
• Strong administrative, time management, prioritization, and multi-tasking skills 

#LI-JB1

#LI-REMOTE

This amount is what we reasonably believe we will pay for the position; however, offer amounts may vary based on factors such as geographic location, relevant education, experience, qualifications, skills, shift, or any collective bargaining agreements.
For eligible positions, compensation may also include participation in a bonus or sales compensation plan paid according to achievement against sales targets and/or business objectives. Depending on the role, equity and other forms of compensation may also be provided as part of a total compensation package. In addition, Wesco offers a full range of benefits such as paid time off, medical/dental/vision insurance, and retirement savings plans for eligible employees. More information about benefits is available here.