Share this Job

Information Security GRC Manager

Date: Jan 15, 2021

Location: Nashville, TN, US, 37228

Company: A. O. Smith Corporation

About Us

Water technology is one of the fastest-growing industries in the world. As a leading global water technology company, A. O. Smith Corporation (NYSE: AOS) is at the center of the trend. We are a $3 billion company with over 140 years of history and more than 16,000 employees worldwide. Our emphasis is on hot water and clean water; we are one of the world’s largest manufacturers of residential and commercial water heating equipment as well as a supplier of water purification products in a number of emerging countries.

With manufacturing operations in the United States, Canada, Mexico, China, India, and Europe, we have the global reach to serve customers worldwide. A. O. Smith is committed to continuous improvement and maintaining a culture that values and respects our employees. We care about our associates and have programs in place to help our team members achieve their potential. When you join our team, you will receive rewards and recognition for your contributions, training and professional development opportunities, as well as a variety of benefits to support you and your family's health, well-being, and financial future. If you are inspired to learn, take risks, and succeed as a team, you can build an amazing career at A. O. Smith.

This role is located in our modern Nashville IT office, located just minutes from downtown in Metro Center, with easy interstate access and free parking.  

 

Primary Function

A.O. Smith is seeking a passionate and motivated Information Security Governance, Risk, & Compliance Manager to build a foundational information security GRC practice.  As an Information Security GRC Manager, you will be responsible for proactively protecting information assets from unauthorized or inappropriate access, use or disclosure as well as business disruptions and will lead Security efforts to support global regulatory requirements including but not limited to Data Privacy efforts. You will Develop appropriate and necessary policies, processes and controls to ensure A.O. Smith meets all applicable security and compliance related requirements and help execute/manage third party certification processes (such as PCI, GDPR, SOC 2, etc.) across the global enterprise. Additionally, you will be responsible for supporting any internal or external audits, performing vendor due diligence, responding to security assessments, and performing audits and risk management of key A.O. Smith third parties. Successful candidates will need a strong foundation in Information Security and a strong desire for continuous learning.

 

Our ideal candidate thrives in collaborative team environments, has strong leadership skills, is comfortable interacting with staff who have varying degrees of technical knowledge, has strong problem-solving skills with a drive to understand how things work, and isn’t afraid to ask questions.

 

 

Responsibilities

Role Specific Responsibilities

  1. Responsible for managing Information Security Governance, Risk & Compliance functions to implement our global security policies, standards and controls at a global level.
  2. Own and drive Governance, Risk, & Compliance for the global enterprise.
  3. Manage, and coordinate information security assessments with 3rd party partners.
  4. Acts as subject matter expert for Information Security in support of the global Privacy initiatives.
  5. Monitors and reviews regulatory updates and issues relative to pertinent security regulatory requirements (such as GDPR, PCI or SOX) and escalates findings appropriately.
  6. Lead and manage GRC related projects
  7. Represent the cyber security function in multiple forums
  8. Report directly to the Director of Information Security
  9. Develop and manage cybersecurity policy, risk, and overall security best practices
  10. Other duties may be assigned as needed.

Qualifications

  • Working knowledge of Governance, Risk, & Compliance platforms
  • Working knowledge of Information Security Policy
  • Strong organizational skills and attention to detail
  • Excellent written and verbal communication skills
  • Ability to deal tactfully and diplomatically with others
  • Flexibility to handle multiple priorities, sometimes simultaneously, under deadline pressure
  • CISSP or CISM  certifications

Education

Bachelor's Degree in Information Technology Management or Related Field

Years of Experience

Minimum of 7 years of related work experience or training
2-3 Years of Supervisory/Leadership Experience

We Offer

Competitive base salary and comprehensive benefits plans which include medical and dental insurance, company-sponsored life insurance, retirement security savings plan, short- and long-term disability programs and tuition assistance.


Nearest Major Market: Nashville

Job Segment: Information Security, IT Manager, Information Technology, Corporate Security, Technology, Security