Sr Manager, Information Risk & Compliance in Wood Dale, Illinois at Danaher

Date Posted: 7/19/2019

Job Description

Job ID: COR001450

About Us

Danaher is a global science & technology innovator committed to helping our customers solve complex challenges and improve quality of life worldwide. Our world class brands are leaders in some of the most demanding and attractive industries, including life sciences, medical diagnostics, dental, environmental and applied solutions. Our globally diverse team of 71,000 associates is united by a common culture and operating system, the Danaher Business System, which serves as our competitive advantage. We generated $19.9B in revenue last year. We are ranked #162 on the Fortune 500 and our stock has outperformed the S&P 500 by more than 5,200% over 25 years.

At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. We're innovative, fast-paced, results-oriented, and we win. We need talented people to keep winning. Here you'll learn how DBS is used to shape strategy, focus execution, align our people, and create value for customers and shareholders. Come join our winning team.

Danaher is committed to competitive compensation that typically has key components including base salary, variable annual incentive compensation based on personal and company performance, and long-term incentive.


Description

We are currently seeking a highly motivated and talented Senior Manager, Information Risk & Compliance to join the Danaher Information Security organization to oversee 2nd line of defense controls monitoring and evaluation policies and processes enabled through tools and techniques.

This role is a key member of the larger cybersecurity program for ensuring appropriate levels of cyber and regulatory compliance risk are maintained across a global portfolio of operating companies. This role is responsible for the cyber risk and regulatory risk environments to independently assess and articulate business risks, monitor and report on risk remediation, and maintain appropriate assurance levels over IT General Controls. This role is also responsible for educating and training Danaher associates on cyber risks. This is an opportunity for the right candidate to further transform a strong program to reach continued excellence in this critical space.

Responsibilities:
  • Manage the day-to-day 2nd LOD monitoring and performance of the IT SOX program
  • Collaboratively partner with adjacent functional areas in Internal Audit, portfolio operating companies, IT, HR, Finance, and external audit organizations in identifying and managing risks
  • Provide and perform independent assurance and validation activities over common security controls including both administrative and technical procedures
  • Perform and oversee the risk assessment framework and processes in identifying technical and administrative control gaps against an existing and evolving cyber threat landscape
  • Drive continuous process improvement measures through use of metrics, workshops, and relationship building, and measure and track progress against KPIs and KRIs
  • Use strong analytical and statistical skills to correlate and identify anomalies and trends in risk management
  • Perform continuous risk monitoring, measuring, and tracking through external service providers as part of the overall risk management framework
  • Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to the firm’s environment
  • Develop, measure, and maintain a security controls framework that consists of standards, measures, practices, and procedures that provides assurance of compliance to regulatory requirements (NIST CSF & 800-53, ISO 27001, PCI, CCPA, and SOX)
  • Manage an Exceptions/Variance program that tracks program risk against policies and standards

Job Requirements



Qualifications

  • Bachelor’s degree in Computer Science, Technology or related field
  • Relevant security certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK, etc.) are preferred
  • Minimum 5 years’ experience in a combined risk management, technology audit, or controls assessment role
  • Experience assessing administrative and technical controls impact on risk and translating resulting impact to non-technical stakeholders
  • Experience with risk management frameworks such as FAIR or OCTAVE
  • Experience with security control frameworks including: NIST Cybersecurity Framework, SOX, SOC 2, NIST 800-53, ISO 27001, and PCI
  • Experience assessing controls in public and private cloud technologies/environments (SaaS, IaaS, and PaaS)
  • Periodic travel up to 20% of time

