Program Manager, Cybersecurity
The Koch Engineered Solutions (KES) Cybersecurity Program Manager will report to the KES Chief Information Security Officer (CISO) and be responsible for aligning, measuring, and supporting improved cybersecurity maturity, effectiveness, and operations across KES.
The candidate will design, develop, and implement a comprehensive enterprise cybersecurity Governance, Risk & Compliance (GRC) capability. This role will coordinate cybersecurity activities with KES business units, capability teams, and third-party infrastructure providers in a matrixed multi-business, multi-platform IT environment. The candidate will create and maintain: a uniform security framework for governance, risk & compliance, policies, security metrics, dashboards, audit & assurance activities, security awareness, and overall risk assessment processes.
The ideal candidate will be highly skilled in cybersecurity operations and GRC programs, with a strong passion for working in a collaborative team environment to take our security program to the next level. The candidate will be a self-motivated, innovative, strategic thinker with experience in implementing security frameworks and leading a cybersecurity GRC program in a federated organizational structure.
What You Will Do In Your Role
- Lead the GRC security function
- Research and implement standard industry security frameworks and best practices (ISO/NIST), aligned to applicable compliance and audit frameworks (SOC)
- Create meaningful security metrics to communicate security posture and risks to leadership
- Develop and maintain security policies, standards, and procedures
- Develop an ongoing security assurance program to audit, monitor, and verify the effectiveness of security; analyze data, develop trend analysis and ensure compliance to existing standards, policies, and procedures
- Monitor regulatory and commercial compliance as required (CFATS, MTSA, GDPR, PCI, CCPA, SOC 2)
- Manage the third-party risk assessment process and response to external customer security inquiries
- Oversee detailed incident response procedures that ensure integration with Legal, KES IT, and Koch shared services organizations
- Manage and implement strategic security projects and initiatives as required
The Experience You Will Bring
- Experience developing, managing, assessing, implementing, and supporting cybersecurity GRC program & toolsets in regulated environments
- Experience in people leadership or program management
- Experience consulting with and influencing customers and stakeholders
What Will Put You Ahead
- Bachelor’s degree in Security or Computer Science
- Experience in cybersecurity risk management including threat and vulnerability management, aligning controls to frameworks, and improving cybersecurity maturity
- Industry security certifications, such as Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or Global Information Assurance Certification (GIAC)
- Knowledge of regulatory requirements and audit frameworks, such as ISO, NIST, HITRUST/NIST CSF, SOC, or others
Salary and Benefits Commensurate with Experience.
Equal Opportunity Employer.
Except where prohibited by state law, all offers of employment are conditioned upon successfully passing a drug test.
This employer uses E-Verify. Please visit the following website for additional information: www.kochcareers.com/doc/Everify.pdf