Senior Manager - Erlanger, KY

Senior Manager Technology and Cybersecurity Risk Management (Erlanger, KY)

Full-time

We are looking for a highly accomplished Senior Manager of Technology and Cybersecurity Risk Management to lead our IT and cybersecurity risk management program as part of the Global Technology organization's governance, risk management, and compliance (GRC) function. In this senior role, you will be responsible for defining, implementing, and overseeing the risk management framework and strategies that protect our global enterprise, spanning traditional Information Technology (IT), critical Operational Technology (OT) environments, and cybersecurity.

As a publicly-traded global manufacturing leader, our operations require a seasoned manager who can navigate complex landscapes and lead IT, OT, and cybersecurity risk management initiatives in alignment with our business and operational objectives. You will be a key leader and subject matter expert, responsible for driving a culture of cybersecurity and accountability. You will partner with a broad set of leaders and stakeholders to manage risks in an open, collaborative environment where new ideas and solutions are welcomed and rewarded.

This role is instrumental to ensuring we maintain our operational integrity, protect our data and systems, and comply with all legal and regulatory obligations.

• IT and Cyber Risk Management - Lead a team in developing and executing the company's global technology and cybersecurity risk management strategy for internally-developed and third-party technologies and services. Collaborate with leaders, staff, and other stakeholders to employ a GRC framework that is scalable, repeatable, measurable, and integrated into enterprise-wide risk management processes.
• Third-Party IT Risk Management - Own the design and continuous improvement of the third-party IT risk management program, including risk assessments, integrating IT risk management into the vendor selection, contracting, and ongoing monitoring lifecycle, and conducting due diligence for critical/high-risk third- and Nth-party relationships.
• Operational Technology (OT) Risk Management – Collaborate with OT and plant automation leadership on the design and implementation of the cybersecurity risk management strategy for OT. Orchestrate specialized risk assessments on OT infrastructure, identifying threats to system availability, integrity, and safety. Monitor critical risk metrics unique to the OT environment (e.g., legacy system exposure, remote access controls, segmentation status).
• Risk Management Lifecycle - Manage risks through intake, analysis, response, and monitoring in collaboration with subject matter experts and risk owners. This includes risks originating from third-party relationships. Facilitate and document risk response decisions. Validate execution of mitigation plans. Oversee continuous monitoring of risk responses.
• Risk Management Process Optimization - Execute, mature, and optimize technology and cybersecurity risk management processes, including risk identification, assessment, treatment/response, and reporting. Implement baseline automation and process improvements and iterate to improve risk management data and tooling.
• Risk Register - Maintain a comprehensive risk register and ensure risk treatment/risk response plans have clear accountability and timelines, including reporting and escalations. Leverage the risk register to support risk informed decisions by clearly communicating tradeoffs. Develop strategies and action plans in areas where existing controls do not mitigate risk in alignment with risk appetite and risk tolerance. Accurately document, prioritize, and track third-party IT and cybersecurity risks.
• Cybersecurity, IT, and OT Frameworks - Apply industry frameworks (e.g., COBIT, NIST Cybersecurity Framework (NIST CSF), NIST SP 800-37 Risk Management Framework, NIST 800-39 Managing Information Security Risk, NIST SP 800-82 Guide to Operational Technology Security) to develop decision-making and accountability structures for managing cybersecurity, IT, OT, and third-party IT risks.
• Communication and Reporting - Oversee development and execution of a communication plan for the technology, cybersecurity, and third-party IT risk programs. Build mechanisms to report findings, metrics, and risk responses to business and technology leadership. Define and report on key performance indicators (KPIs) and key risk indicators (KRIs) for the GRC program. Prepare communications on findings, risks, and strategic recommendations for senior management, audit committees, and the Board.
• Team Leadership - Coach a team of technology and cybersecurity risk analysts. Create an environment that encourages building technical risk analysis skills. Provide mentorship and guidance to team members.
• Collaboration - Scale the risk framework across the organization. Foster a culture of agility, innovation, and cooperation with key stakeholders across IT, OT, Legal,…