What are the responsibilities and job description for the Governance Risk and Compliance Director position at Sherwin-Williams?
Job Description
The Director of Governance Risk and Compliance will manage and lead the in three key Enterprise Risk & Resilience (ER&R) programs: awareness and training, IT compliance and Privacy compliance. These programs are enterprise level programs that ensure the company is compliant with global Cybersecurity laws and regulations.
To be successful in this role, the Director is skilled in current Cybersecurity management process and platforms with a strong understanding of the operations and related technologies that are used to maintain compliance. This role reports directly to the Sr. Director of GRC.
Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.
Responsibilities
Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.
Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.
Must be eighteen years or older
Qualifications
FORMAL EDUCATION:
Required:
Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
Preferred: Master’s degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis CISSP, CRISC, CISM, GSLC, CIPM
KNOWLEDGE & EXPERIENCE:
Required:
Required:
At Sherwin-Williams, our purpose is to inspire and improve the world by coloring and protecting what matters. Our paints, coatings and innovative solutions make the places and spaces in our world brighter and stronger. Your skills, talent and passion make it possible to live this purpose, and for customers and our business to achieve great results. Sherwin-Williams is a place that takes its stability, growth and momentum and translates it to possibility for our people. Our people are behind the strength of our success, and we invest and support you in:
Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities
It's all here for you... let's Create Your Possible
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/ . Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable.
Sherwin-Williams is proud to be an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.
Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.
The Director of Governance Risk and Compliance will manage and lead the in three key Enterprise Risk & Resilience (ER&R) programs: awareness and training, IT compliance and Privacy compliance. These programs are enterprise level programs that ensure the company is compliant with global Cybersecurity laws and regulations.
To be successful in this role, the Director is skilled in current Cybersecurity management process and platforms with a strong understanding of the operations and related technologies that are used to maintain compliance. This role reports directly to the Sr. Director of GRC.
Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.
Responsibilities
Success in role requires an authentic people leader with strong leadership experience who will be able to balance team objectives, hands-on leadership of the varied Cybersecurity and IT processes and collaboration across multiple IT and business organizations. Leadership and vision in driving the future state objectives of the organization in alignment with Cybersecurity and business goals will be essential to success.
- Facilitate the adoption of the Cyber processes and technologies throughout the business units within the company
- Oversee and facilitate the Cyber risks framework and alignment of the Cyber risk framework with the enterprise risk management processes
- Provide management and facilitation of the Cyber training, awareness, and communication programs
- Provide management and facilitation of Cybersecurity and IT compliance program
- Provide management and facilitation of the privacy compliance program
- Provide management and facilitation of international privacy program
- Business Acumen and Partnering
- Business Partnering and Ideation
- Project Risk Assessment Consulting and Assurance
- Cyber Processes and technologies
- Cyber Policies, Standards, and Controls
- Training awareness and communication
- Risk and Compliance Metrics and Reporting
- Continuous Controls Monitoring
- Controls Testing and Compliance
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. Must be legally authorized to work in the country of employment without needing sponsorship for employment work visa status now or in the future.
Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.
Must be eighteen years or older
Qualifications
FORMAL EDUCATION:
Required:
Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
Preferred: Master’s degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis CISSP, CRISC, CISM, GSLC, CIPM
KNOWLEDGE & EXPERIENCE:
Required:
- 12 years of IT/Cybersecurity experience
- 9 years of leadership experience in managing global security programs and applying information security, risk management, compliance and privacy practices.
- 9 years of leadership experience in Governance, Risk & Control, Audit, etc. preferably from a similar ecosystem.
- Proven experience interfacing with senior executives and business leader level and communicating complex cyber security concepts in business-relevant ways.
- 8 years of experience working with privacy, security and/or financial laws (such as PCI-DSS, GLBA, FIPS, SOX, and data breach reporting laws), generally accepted cybersecurity principles, and accepted industry practice.
- 8 years managing a team of direct reports.
- 10 years working in the Manufacturing or Consumer Products industry.
- Experience working with Global Privacy and Cybersecurity laws and regulations.
Required:
- Demonstrates industry leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
- Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
- Information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Experience in strategic planning, budgeting, and allocation.
- Clear and concise verbal and written communication.
- Business system continuity planning, auditing, and risk management related to information security.
At Sherwin-Williams, our purpose is to inspire and improve the world by coloring and protecting what matters. Our paints, coatings and innovative solutions make the places and spaces in our world brighter and stronger. Your skills, talent and passion make it possible to live this purpose, and for customers and our business to achieve great results. Sherwin-Williams is a place that takes its stability, growth and momentum and translates it to possibility for our people. Our people are behind the strength of our success, and we invest and support you in:
Life … with rewards, benefits and the flexibility to enhance your health and well-being
Career … with opportunities to learn, develop new skills and grow your contribution
Connection … with an inclusive team and commitment to our own and broader communities
It's all here for you... let's Create Your Possible
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/ . Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable.
Sherwin-Williams is proud to be an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.
Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.
Salary : $156,926 - $205,495