Senior Global Cybersecurity Risk Manager (Remote or Hybrid)

Location: US-IL-Northbrook | US-NJ-Milltown | US-GA-Atlanta | US-TX-Plano | US-TN-Franklin | US-CA-San Francisco | US-Las Vegas | US-DC-Washington, D.C. | US-NY-Long Island City | US-Tampa | ...
Job ID: 2022-30305
# of Openings: 1
Job Category: Information Technology

 


At UL, we know why we come to work.

Thousands of us around the world wake up every day with a common purpose: to make the world a safer, more secure and sustainable place. Science is in our DNA; we are endlessly curious and passionate about seeking and speaking the truth. We take delight in knowing that our work makes a meaningful contribution to society, and we are proud that our culture is centred on integrity, collaboration, inclusion and excellence. UL Solutions stands at the forefront of technological advancement, and we are continually challenged to find new ways to foster innovation and positive change. Satisfying? Yes. Exciting? Absolutely!

 

The Global Cybersecurity Risk Senior Manager will be responsible for identifying, analyzing, reporting, and influencing the management of information risks across the organization. The candidate will also be accountable for ensuring that the organization’s vendor ecosystem is properly evaluated, assessed, and managed to minimize risk exposure and risk impacts to the business.

 

The Global Cybersecurity Risk Senior Manager’s responsibility is to anticipate, identify, monitor, and mitigate risks associated with operational and third-party providers. Vendor risk management will include a vendor’s information security practices and its government, legal and industry compliance. In addition, the Global Cybersecurity Risk Senior Manager is tasked with compiling data and completing documentation related to operational and third-party risks, as well as ensuring that the issues that arise are appropriately captured, assessed, and mitigated to acceptable levels. This role will be part of the global cybersecurity leadership team, reporting to the Global Cybersecurity GRC Director.

What you’ll learn & achieve:

The Global Cybersecurity Risk Senior Manager candidates will be evaluated based on their ability to lead a team and perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include: 

  • Performs focused information risk assessments of existing or new services and technologies, along with business counterparts.
  • Communicates risk assessment findings to team owners and custodians of information risk “business partners,” or information governance teams and information security teams.
  • Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
  • Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  • Tracks identified risks and risk events
  • Communicates identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and the addressing of these issues
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Coordinates the identification and ranking of vendor risks
  • Coordinates the classification and tiering of vendors by risks and risk impacts
  • Builds communication and escalation plans around vendor risk management activities within the enterprise
  • Understands and applies relevant regulatory and legal compliance requirements
  • Manages vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies
  • Develops, monitors and possibly executes vendor remediation actions, mitigation and contingency plans when risks or events are identified
  • Ensures third- (and, increasingly, fourth-) party vendor regulatory compliance
  • Coordinates the gathering of vendor risk assessment data and prepares risk assessments for critical-related vendors as needed, to be published and communicated to stakeholders
  • Influences vendors and business partners to ensure compliance with risk management policies
  • Partners with sourcing and vendor relationship/contract management functions where they are not part of this group to manage vendor behavior
  • Collaborates, as appropriate, with information security, finance, compliance and/or disaster recovery and business continuity management and other risk functions to maintain an enterprise risk management program
  • Works with regulatory officers and auditors as necessary
  • Develops and coordinates vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model

What makes you a great fit:

A successful Global Cybersecurity Risk Senior Manager candidate will have the expertise and skills described below. 

 

Education, Training and Previous Experience 

Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows: 

  • BS or MA in Business, Computer Science, Information Security, or a related field
  • 5+ years of work experience in information security, especially in a senior information cybersecurity risk role
  • 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation, and remediation of risk
  • Technical background or demonstrable understanding of a range of operational and IT risks and operations
  • Strong business background; experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns
  • Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits
  • 8+ years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)

Desired, but not required: 

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)

 

Knowledge and Skills 

  • Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
  • An understanding of organizational mission, values, goals and consistent application of this knowledge.
  • An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
  • An ability to apply original and innovative thinking to produce new ideas.
  • An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
  • An ability to effectively influence others to modify their opinions, plans or behaviors.
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • Strong problem-solving and troubleshooting skills.

 

Personal Characteristics (Optional) 

  • Can interface with, and gain the respect of, stakeholders at all levels and roles in the company.
  • Is a confident, energetic self-starter, with strong interpersonal skills.
  • Has good judgment and a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
  • Instinctive and creative.
  • Self-motivated and possessing a high sense of urgency and personal integrity.
  • Highest ethical standards and values.

What you’ll experience working at UL:

  • Mission: For UL, corporate and social responsibility isn’t new. Making the world a safer, more secure and sustainable place has been our business model for the last 125 years and is deeply engrained in everything we do. You will shape the way we approach and deliver our solutions to promote safe living and working environments for people everywhere.
  • People: Ask any UL employee what they love most about working here, and you’ll almost always hear, “the people”. Work with colleagues you can listen to and learn from, and challenge each other so that you can continually push for excellence and results.
  • Interesting work: Your work at UL will challenge you to try fresh approaches, be empowered to drive change and help you gain in-depth experience in your field. And as a global company, in many roles, you will get international experience working with colleagues around the world.
  • Grow & achieve: Growth and development are part of our DNA. Grow & achieve with targeted development, reward and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages as well as a technical training track for applicable roles.

Learn More:

Working at UL Solutions is an exciting journey that twists and turns daily. We thrive in the twists and revel in the turns. This is our every day. This is our normal.


Curious? To learn more about us and the work we do, visit our company page www.UL.com


If you wish to request reasonable accommodation at any time, please email our Talent Acquisition team at Talent.Acquisition@ul.com.

UL is an Equal Opportunity Employer: Female/Minority/disability/Protected Veteran/Sexual Orientation/Gender Identity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. If you'd like more information about your EEO rights as an applicant under the law, please review the EEO is the Law and EEO is the Law Supplement.

Please review the following additional documents:

UL EEO Policy

Pay Transparency Statement

E-Verify Poster (English)

Right to Work Poster (English)