Vacancy expired!
Sr. Director, Risk ID & Assessment
Would you like to ensure security of our global organization?
Would you like to lead a team that ensures compliance standards are met?

Join our Digital Technology Team!

We operate at the heart of the digital transformation of our business. From Digital Engineering to enabling employee success, the Digital Technology (DT) team is driven to provide the best products and services. We collaborate with the business and DT teams to grow the cybersecurity maturity level of the enterprise and ensure the highest standards are met.

Partner with the best

The Senior Director of Risk Identification and Assessment works collaboratively within a team to build and support the cybersecurity function of Baker Hughes in the development and implementation of strategic plans that drive maturity growth of cybersecurity posture.

As a Senior Director of Risk ID & Assessment you will:
- Build and lead a high performing team of 15+ cyber professionals in understanding the overall risk profile of the enterprise including IT, OT and digital products risks
- Grow the technical and leadership strength of the team by coaching and mentoring team members and helping the development of their careers
- Establish and continuously improve processes to identify and assess digital risks associated with 3rd party suppliers, partners, technologies, solutions, as well as their impact on the business operations and objectives
- Communicate the criticality of certain risk elements and facilitate the understanding of a big picture view of cybersecurity risk profile
- Provide oversight and guidance for the development and implementation of security solutions in projects and major changes including controls execution and security architecture review
- Ensure compliance with information security policies and established security controls in newly developed or improved technology solutions
- Collaborate with project teams, delivery organizations, product companies and stakeholders on the ongoing understanding of emerging risk and impact
- Develop metrics and dashboards to monitor and measure the effectiveness of certain risk management processes, and communicate progress in reducing risk
- Partner with IT and the business, focusing on areas of highest IT and cyber risk, to continuously improve automation of risk management activities
- Deliver timely and concise communication, including developing and producing management reports, illustrating status, trends, and action plans
- Participate in the enterprise risk management process and be the subject expert on all cybersecurity risk exposures
- Apply quantitative measures whenever possible or applicable to help the understanding of risk and impact
- Have strong leadership skills and experience leading a team in achieving business objectives and goals while coaching and mentoring team members in their career development
- Have 15+ years of combined experience in protecting information technology assets and sensitive data, such as roles in IT risk management, IT operations or IT audit
- Have extensive experience in designing and implementing cybersecurity and data privacy programs based on business drivers, desired risk profiles and security posture
- Have an ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
- Have an in-depth understanding of security technology, tools and best practices
- Have experience in project management practices, tooling, and managing projects through the SOX, GDPR, and/or NIST/ISO 27001/ISA 62443 lifecycle
- Have knowledge of COSO/COBIT framework and experience applying the framework in a manner that supports SOX, GDPR, and/or NIST/ISO 27001 compliance and operational efficiencies
- Have experience with a major governance, risk and compliance (GRC) tool, such as Archer or ServiceNow
- Have a demonstrated track record of technical expertise with one or more of SOX, GDPR, and/or NIST/ISO 27001/ISA 62443
- Have information security certifications (CISSP, CISM, CISA, etc.)
- Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive
- This role will be remote based
- Contemporary work-life balance policies and wellbeing activities
- Comprehensive private medical care options
- Safety net of life insurance and disability programs
- Tailored financial programs
- Additional elected or voluntary benefits