Full Job Description
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
Looking for a dynamic security leader to join the Enterprise & Technology Security (E&TS) organization as we help drive an improved IT security & privacy posture at IBM. This is a demanding role and the candidate will be responsible for implementing and managing the firm’s Cybersecurity Risk Program. The candidate will be based in Armonk, NY, and will have extensive, ongoing interaction with senior executives across various IBM locations.
The Cybersecurity Risk Management Program within IBM E&TS is responsible for establishing and implementing the firm’s cybersecurity risk management framework to identify, assess and manage cybersecurity risk in conformance with industry standards and regulations. The candidate is responsible to assess critical cybersecurity risk areas and provide their analysis and recommendations to senior management to make an informed decision. Within the cybersecurity risk program, the candidate will also be responsible for improving and managing supplier security risk program globally. Supply chain attack is a key threat area for the organization and this role is responsible to identify, assess and mitigate supply chain security risk.
We're looking for a capable security leader with proven record of delivering global security programs.
Responsibilities of this Enterprise & Technology Security role include:
Serves as a leader for cyber security risk domain, developing, implementing and managing the firm’s global cybersecurity risk management strategy, framework and approach.
Conduct appropriate risk and control challenge and assessment activities to ensure integrated understanding and monitoring of system risks.
Mature supplier security risk management program and expand the program to cover critical supply chain risk areas
Recruit and train security talents and deploy tools and processes to improve and scale supplier security risk program
Implement a continuous monitoring program for suppliers using a risk based approach
Motivate teams and drive execution of the program
Collaborate and work with stakeholders for successful delivery of the program
Through objective verbal and written communications and briefings to provide cybersecurity risk oversight and insight to firm Governance Committees and Senior Management.
Will report into the Governance & Risk Management lead but will have a close working relationship with all E&TS leadership team, including the IBM CISO
Overall this team is looking for an energetic security leader with a great sense of humor, enjoyment for their job and an enthusiasm for cybersecurity!
Required Technical and Professional Expertise
10 years of cybersecurity experience
Thought leader in risk management solution especially a simple and automated solution for effectively managing cyber security risks in digital era.
Expertise in third party risk management
Extensive knowledge and understanding of current and emerging cybersecurity risks, and innovative risk management frameworks and methods.
Strong knowledge of cybersecurity regulations, laws and standards.
Ability to collaboratively develop a cybersecurity risk management strategy in conjunction with numerous and diverse stakeholders.
Prior experience in defining enterprise security policies, standards, and controls.
Experience with cybersecurity operational metrics and dashboards, and managing performance effectiveness and improvement.
Experience in working with diverse cross geography teams.
Self-motivated individual, comfortable working without close supervision and with ability to work to deadlines.
Preferred Technical and Professional Expertise
5 or more years of risk management leadership and experience in one or more of the following areas: Information Security Risks Management, Technology Governance, or Operational Risk Management.
Direct experience with control design and implemention in the Information Security, Technology Risk, BCP, Technology Controls or Technology Risk Management fields is a significant advantage.
Extensive knowledge and experience in implementing and leading information security policy and risk management programs in in compliance with industry standards such as NIST Cybersecurity Framework, FFIEC Cybersecurity Assessment Tool, Cobit/RiskIT, ISO 27001, and GLBA.
Strong analytical & communication skills required
About Business Unit
IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.