Senior Manager Technology and Cybersecurity Governance - Erlanger, KY

Job Summary 
We are looking for a highly accomplished Senior Manager of Technology and Cybersecurity Governance to lead our IT and cybersecurity governance program as part of the Global Technology organization's governance, risk, and compliance (GRC) function. In this senior role, you will be responsible for defining, implementing, and overseeing the governance framework that protects our global enterprise, spanning traditional Information Technology (IT), critical Operational Technology (OT) environments, and cybersecurity. As a publicly-traded global manufacturing leader, our operations require a seasoned manager who can navigate complex regulatory landscapes and govern IT, OT, and cybersecurity initiatives in alignment with our business and operational objectives. 

You will be a key leader and subject matter expert, responsible for driving a culture of security and accountability. This role is instrumental to ensuring we maintain our operational integrity, protect our data and systems, and comply with all legal and regulatory obligations. 

Key Responsibilities 

IT and Cyber Governance: Lead a team in developing and executing the company's global IT and cybersecurity governance strategy. Collaborate with leaders, staff, and other stakeholders to employ a GRC framework that is scalable, repeatable, measurable, and integrated into enterprise-wide risk management processes. Operational Technology (OT) Governance: Work with OT leadership to embed technology and cybersecurity governance without disrupting critical manufacturing processes. Provide guidance on implementing technology governance in manufacturing environments, including IT/OT intersections, industrial control systems (ICS), plant automation, and IoT.  Global Policy and Standards: Own and manage the full lifecycle of IT and cybersecurity policies, standards, and procedures. Ensure these documents are not only compliant with global regulations but also practical and effective for both IT and Operational Technology (OT) environments. Cybersecurity, IT, and OT Frameworks: Apply industry frameworks (e.g., COBIT, NIST Cybersecurity Framework (NIST CSF), NIST SP 800-37 Risk Management Framework, NIST800-39 Managing Information Security Risk, NIST SP 800-82 Guide to Operational Technology Security) to develop decision-making and accountability structures for governing IT, OT, and cybersecurity. Reporting and Communication: Define and report on key performance indicators (KPIs) and key risk indicators (KRIs) for the GRC program. Prepare communications on findings, risks, and strategic recommendations for senior management, audit committees, and the Board. Internal and External Assurance: Serve as the primary point of contact for IT and cyber governance-related internal and external audits. Support the audit response process and remediation activities to ensure timely and effective resolution of findings. Mentorship and Team Leadership: Provide mentorship and guidance to members of the governance team. Drive a collaborative culture with key stakeholders across IT, OT, Legal, Internal Audit, Compliance, ERM, and various global business units. Additional duties as assigned. 

Job Requirements 

Bachelor's degree in information technology, cybersecurity, business, or a related field. An MBA or advanced degree is preferred. Minimum of 8-10 years of progressive experience in IT or cybersecurity governance, risk, and compliance (GRC), with at least 5 years in a leadership or senior management role. Extensive experience within a global, publicly-traded company is essential. Experience in traditional IT and manufacturing Operational Technology (OT) environments and the distinct security and governance challenges they present. Strong leadership and team management skills, with the ability to build and motivate high-performing teams. Expert knowledge of regulations and frameworks, including SOX, SEC Cybersecurity Disclosure Rules, NIST CSF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-82, NIS2, and ISO 27001. Proven experience with OT-specific security standards such as IEC 62443 is a significant advantage. Professional certification such as CRISC, CGEIT, or CISA is required. Exceptional strategic thinking, communication, and presentation skills, with a proven ability to influence and collaborate with executive-level stakeholders. Willingness to travel internationally as needed. 

Excited about this role but don’t think you meet every requirement listed? We encourage you to apply anyway. You may be just the right candidate for this role or another one of our openings.

ADM requires the successful completion of a background check. 

REF:102208BR