Director, Information Risk & Compliance in Wood Dale, Illinois at Danaher

Date Posted: 6/19/2019

Job Description

Job ID: COR001460

About Us

Danaher is a global science & technology innovator committed to helping our customers solve complex challenges and improve quality of life worldwide. Our world class brands are leaders in some of the most demanding and attractive industries, including life sciences, medical diagnostics, dental, environmental and applied solutions. Our globally diverse team of 71,000 associates is united by a common culture and operating system, the Danaher Business System, which serves as our competitive advantage. We generated $19.9B in revenue last year. We are ranked #162 on the Fortune 500 and our stock has outperformed the S&P 500 by more than 5,200% over 25 years.

At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. We're innovative, fast-paced, results-oriented, and we win. We need talented people to keep winning. Here you'll learn how DBS is used to shape strategy, focus execution, align our people, and create value for customers and shareholders. Come join our winning team.

Danaher is committed to competitive compensation that typically has key components including base salary, variable annual incentive compensation based on personal and company performance, and long-term incentive.


Description

We are currently seeking a Director, Information Risk & Compliance to lead the information risk management program within the Danaher Information Security organization. This leadership role will oversee the effective identification, assessment, monitoring, and reporting of risk and the surrounding controls environment across the Danaher organization. Reporting directly to the Global CISO, this role leads a small team to bring thought leadership and analytical risk quantification together in partnering with business stakeholders to deliver effective cyber risk management practices.

Responsibilities:
  • Build and maintain a scalable, sustainable, and robust cyber risk management program including governance, assessment, monitoring, and reporting procedures
  • Develop, measure, and maintain a security controls framework that consists of standards, measures, practices, and procedures that provides assurance of compliance to regulatory requirements (NIST CSF & 800-53, ISO 27001, PCI, CCPA, and SOX)
  • Build a robust third-party supplier risk program to quantify and recommend compensating controls or risk mitigation techniques to reduce inherent risk within business operations
  • Establish a Data Protection Program to drive a data-driven approach for classifying, discovering, enforcing, and maintaining company data through the data management lifecycle
  • Create and maintain security policies, procedures, and standards to govern application and enforcement of the controls environment
  • Ensure timely and effective continuous risk monitoring, measurement, and tracking through external service providers for current and emerging threats and impact on business objectives
  • Lead a small team of direct reports and lead operating company personnel through influence in managing risk to acceptable levels
  • Maintain, track, and improve KPIs and KRIs tied to effectively operating the cyber risk management program

Job Requirements



Qualifications

  • Bachelor's degree in computer science, technology or related field
  • Relevant security certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK, etc.) are a plus 
  • Minimum 10 years’ experience in Information Security and/or IT Risk/Audit organizations
  • Leadership experience in a large, matrixed organization
  • Experience assessing administrative and technical controls impact on risk and translating resulting impact to non-technical stakeholders
  • Experienced rolling out risk management frameworks such as FAIR or OCTAVE in an enterprise environment
  • Experienced with security control frameworks including: NIST Cybersecurity Framework, SOX, SOC 2, NIST 800-53, ISO 27001, and PCI
  • Knowledgeable on IT General Controls and applicability to IT SOX compliance requirements
  • Strong understanding of the terminology, concepts, IT controls and best practices across key risk areas including risk assessment methodologies, identity and access management, cloud/SaaS, application security, data loss prevention, networks, systems design and operations, and incident management
  • Periodic travel up to 20% of time

Important Competencies

  • Ability to learn and adapt to new requirements and priorities while driving to consistent outcomes
  • Proven ability to drive cultural change across an organization in achieving a risk-based decision-making culture
  • Demonstrated ability to analyze complex matters and produce detailed and prioritized actions to a defined conclusion
  • Demonstrated strategic thought leader experienced in leading organizational change and applying creative problem-solving approaches to deliver intended outcomes
  • Experienced managing a team of direct reports and well versed in leading through influence to achieve a common objective
  • Self-motivated, able to work independently and with a team 
  • Ability to communicate complex technical concepts in a comprehensible manner to non-technical people
  • Excellent communication skills, written and verbal


