Information Security Manager - Governance, Risk & Compliance
US-PA-Glen Mills, United States
Axalta
With more than 150 years of experience and impact, Axalta innovates smarter surface solutions for better living and a sustainable future. Axalta provides performance coatings for a wide range of industrial applications; light vehicle and...
Axalta is searching for an Information Security - Governance, Risk & Compliance Manager to join our team in the Philadelphia, PA area.
The Information Security - Governance, Risk & Compliance (GRC) Manager will serve as a strategic leader, driving the development, operation, and continuous improvement of the organization’s global security GRC program. This role entails managing cybersecurity risk, ensuring IT audit and compliance requirements are met, overseeing supplier/vendor security reviews, and aligning the security governance and controls program with best practices and regulatory frameworks. The GRC Manager will collaborate extensively with other security and technology teams, Internal/External Audit, as well as business and leadership stakeholders.
In this role you will:
- Provide hands-on management of all aspects of Security Governance, Risk & Compliance services, capabilities, staff, and third-party relationships.
- Own the IT Compliance, Audit, & Risk Assessment service portfolio for the Information Security program, driving the annual plan for each in a strategic manner, and ensuring high quality outcomes.
- Perform a range of risk assessment activities, including enterprise-wide, business unit, asset, and control framework/standards-based assessments (e.g. ISO 27001, NIST CSF, CIS), and present findings to both technical and business audiences.
- Analyze technologies and business requirements to establish highly effective processes, policies, standards, guidelines, and procedures that ensure comprehensive protection of the technology environment and information assets, keeping them safe, secure, and resilient.
- Oversee the execution of the IT General Controls framework supporting Sarbanes Oxley requirements. This includes functioning as the primary liaison with Internal and External Audit as well as Control Owners for control design, operation, testing, and remediation planning.
- Own the management of the security risk register, ensuring risk is appropriately tracked, and remediation strategies are documented.
- Manage the security metrics and reporting program, developing standard update reports, scorecards, and trend summaries to communicate the performance and health of the security program at regular intervals to leadership stakeholders.
- Participate in leading Security Awareness activities for the organization.
- Develop and maintain security controls, policies and capabilities as part of the Information Security Framework with ability to map/crosswalk controls between frameworks/standards (ISO 27001, NIST CSF, CIS).
- Manage third party, vendor and supplier security risk management and contractual activities in conjunction with Legal, Procurement, Purchasing and Supply Chain teams.
- Participate in all phases of the SDLC and project life cycles as needed for corporate initiatives (design, build, and operate), ensuring technology initiatives align and comply with internal security policy and standards, and support relevant controls from standards/frameworks including Sarbanes Oxley, ISO 27001, CIS, and NIST CSF.
Qualifications:
Required:
- Bachelor’s in Information Technology, Computer Science, Cybersecurity, Computer Engineering, Security Risk Analysis, Information Security & Assurance or other relevant focus area.
- Candidates must hold at least one of the following certifications, or will be required to obtain one within the first 12 months: CISSP, ISSMP, CISM, CRISC, CGEIT, CISA, Open FAIR.
- Minimum 5 years of leadership experience in a GRC function with a track record of success and high-quality outcomes.
- Must have significant hands-on experience leading ITGC and Sarbanes Oxley-focused IT compliance programs.
- Strong experience implementing and maturing security governance standards, frameworks and controls programs such as ISO 27001, NIST CSF, CIS Critical Security Controls.
- Strong business process knowledge, exceptional analytical skills, and solution-oriented mindset.
- Extensive experience developing security GRC processes, functions, and assessment tools in a GRC platform, with RSA Archer experience highly desired.
- Knowledge of security frameworks and standards such as NIST CSF, ISO 27001, CIS Critical Security Controls, GDPR and CCPA. Prior experience with TISAX is helpful.
- Expertise in the following security knowledge domains: security architecture, vulnerability management, risk management, identity and access management, user access and privileged access reviews, security awareness, cloud computing, and compliance.
- Experience articulating technical concepts and security risk clearly in business-oriented language. This includes risk scenario records, risk modeling, acceptance, exceptions, findings documentation, and management action/remediation plans.
- Exceptional written and verbal communication skills are required, as this position works directly with multiple technology teams as well as IT leadership.
- Strong organizational skills and the ability to multi-task, prioritize workload, and liaise/partner with other teams.
Our Company:
Axalta has remained at the forefront of the coatings industry by continually investing in innovative solutions. We engineer technologies that protect customers’ products – whether they are battling heat, light, corrosion, abrasion, moisture, or chemicals – and add dimension and beauty with colorful finishes. We have a vast and ever-evolving portfolio of brands primed to play an important part in everything from modernizing infrastructure around the world to enabling the next generation of electric and autonomous vehicles.
Axalta operates its business in two segments, Performance Coatings and Mobility Coatings, which serve four end markets: Refinish, Industrial, Light Vehicle, and Commercial Vehicle, across North America, EMEA, Latin America, and Asia-Pacific. Our diverse global footprint allows us to deliver solutions in 140+ countries and coat 30 million vehicles per year. We’ve recently set an exciting 2040 carbon neutrality goal, in addition to 10 other sustainability initiatives, and we take pride in working with our customers to optimize their businesses and achieve their goals.
1.2 - First/Mid Level Officials and Managers (EEO-1 Job Categories - United States of America)