Senior Manager

Erlanger

KY - Kentucky

Information Technology

Job Description

Senior Manager Technology and Cybersecurity Risk Management - Erlanger, KY
Full-time

Job Summary
We are looking for a highly accomplished Senior Manager of Technology and Cybersecurity Risk Management to lead our IT and cybersecurity risk management program as part of the Global Technology organization's governance, risk management, and compliance (GRC) function. In this senior role, you will be responsible for defining, implementing, and overseeing the risk management framework and strategies that protect our global enterprise, spanning traditional Information Technology (IT), critical Operational Technology (OT) environments, and cybersecurity. As a publicly-traded global manufacturing leader, our operations require a seasoned manager who can navigate complex landscapes and lead IT, OT, and cybersecurity risk management initiatives in alignment with our business and operational objectives.
You will be a key leader and subject matter expert, responsible for driving a culture of cybersecurity and accountability. You will partner with a broad set of leaders and stakeholders to manage risks in an open, collaborative environment where new ideas and solutions are welcomed and rewarded. This role is instrumental to ensuring we maintain our operational integrity, protect our data and systems, and comply with all legal and regulatory obligations.

Key Responsibilities

• IT and Cyber Risk Management - Lead a team in developing and executing the company's global technology and cybersecurity risk management strategy for internally-developed and third-party technologies and services. Collaborate with leaders, staff, and other stakeholders to employ a GRC framework that is scalable, repeatable, measurable, and integrated into enterprise-wide risk management processes.
• Third-Party IT Risk Management - Own the design and continuous improvement of the third-party IT risk management program, including risk assessments, integrating IT risk management into the vendor selection, contracting, and ongoing monitoring lifecycle, and conducting due diligence for critical/high-risk third- and Nth-party relationships.
• Operational Technology (OT) Risk Management – Collaborate with OT and plant automation leadership on the design and implementation of the cybersecurity risk management strategy for OT. Orchestrate specialized risk assessments on OT infrastructure, identifying threats to system availability, integrity, and safety. Monitor critical risk metrics unique to the OT environment (e.g., legacy system exposure, remote access controls, segmentation status).
• Risk Management Lifecycle - Manage risks through intake, analysis, response, and monitoring in collaboration with subject matter experts and risk owners. This includes risks originating from third-party relationships. Facilitate and document risk response decisions. Validate execution of mitigation plans. Oversee continuous monitoring of risk responses.
• Risk Management Process Optimization - Execute, mature, and optimize technology and cybersecurity risk management processes, including risk identification, assessment, treatment/response, and reporting. Implement baseline automation and process improvements and iterate to improve risk management data and tooling.
• Risk Register - Maintain a comprehensive risk register and ensure risk treatment/risk response plans have clear accountability and timelines, including reporting and escalations. Leverage the risk register to support risk informed decisions by clearly communicating tradeoffs. Develop strategies and action plans in areas where existing controls do not mitigate risk in alignment with risk appetite and risk tolerance. Accurately document, prioritize, and track third-party IT and cybersecurity risks.
• Cybersecurity, IT, and OT Frameworks - Apply industry frameworks (e.g., COBIT, NIST Cybersecurity Framework (NIST CSF), NIST SP Risk Management Framework, NIST Managing Information Security Risk, NIST SP Guide to Operational Technology Security) to develop decision-making and accountability structures for managing cybersecurity, IT, OT, and third-party IT risks.
• Communication and Reporting - Oversee development and execution of a communication plan for the technology, cybersecurity, and third-party IT risk programs. Build mechanisms to report findings, metrics, and risk responses to business and technology leadership. Define and report on key performance indicators (KPIs) and key risk indicators (KRIs) for the GRC program. Prepare communications on findings, risks, and strategic recommendations for senior management, audit committees, and the Board.
• Team Leadership - Coach a team of technology and cybersecurity risk analysts. Create an environment that encourages building technical risk analysis skills. Provide mentorship and guidance to team members.
• Collaboration - Scale the risk framework across the organization. Foster a culture of agility, innovation, and cooperation with key stakeholders across IT, OT, Legal, Internal Audit, Compliance, ERM, Procurement, and global business units. Work with ERM to escalate risks to the enterprise risk register.
• Additional duties as assigned.

Job Requirements

• Bachelor's degree in information technology, cybersecurity, business, or a related field. An MBA or advanced degree is preferred.
• Minimum of 8-10 years of progressive experience in IT or cybersecurity governance, risk management, and compliance (GRC), with at least 5 years in a people leadership or management role.
• Extensive experience within a global, publicly-traded company is essential.
• Experience in traditional IT and manufacturing Operational Technology (OT) environments and the distinct security and risk management challenges they present.
• Strong leadership and team management skills, with the ability to build and motivate high-performing teams.
• Ability to navigate ambiguity and complexity while managing a queue of strategic and operational priorities.
• Expert knowledge of regulations and frameworks, including SOX, SEC Cybersecurity Disclosure Rules, NIST CSF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-82, NIS2, and ISO 27001.
• Professional certification such as CRISC, CGEIT, or CISA is required.
• Exceptional strategic thinking, communication, and presentation skills, with a proven ability to influence and collaborate with executive-level stakeholders.
• Willingness to travel internationally as needed.

Excited about this role but don't think you meet every requirement listed? We encourage you to apply anyway. You may be just the right candidate for this role or another one of our openings.

ADM requires the successful completion of a background check.

REF: BR

Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours.

If hired, employees will be in an "at-will position" and the Company reserves the right to modify base pay (as well as any other discretionary