IT Risk Manager - full-time direct position! Ideally hybrid in Illinois.

The IT Risk Management Manager is responsible for leading a dynamic team tasked with identifying, assessing, reporting, and mitigating IT and cybersecurity risks, both internally and in collaboration with external partners, vendors, and customers. In this role, you will navigate the diverse landscape of operations, customers, and third-party engagements to enhance and operationalize global IT risk management capabilities. Serving as the company's "IT Risk Ambassador," you will consult with business stakeholders and provide comprehensive advice on IT and Cyber risks. Reporting to the Director of Governance, Risk, & Compliance, you will actively engage with Legal, IT, HR, Commercial, and Operations functions globally.

Key Responsibilities:

• Recruit, lead, and mentor a high-performing team of IT risk professionals.
• Foster relationships, advocate for, and consult with various functional and business stakeholder groups on cybersecurity risk matters.
• Drive the development of IT and cyber risk management strategies, roadmaps, and project portfolio plans.
• Oversee the creation and maintenance of IT security policies, procedures, and standards.
• Lead global cybersecurity awareness and training programs.
• Chair the Cybersecurity Risk Management Steering Committee function on a global scale.
• Direct the security assessment program and conduct internal and external security assessments.
• Define, manage, and lead the risk intake, risk register, risk treatment, and risk reporting processes.
• Enhance global cyber risk management processes and capabilities.
• Spearhead response activities for customer cyber due diligence and questionnaire requests.
• Develop and lead vendor cyber risk management capabilities.
• Collaborate with legal and commercial teams for customer and vendor contract reviews.
• Advance security metric reporting and dashboarding capabilities.
• Lead the implementation and operationalization of the ServiceNow Risk Management platform.
• Provide project management leadership for security-related transformation initiatives, ensuring timely and within-budget delivery.
• Assist with incident response or event management as needed, including occasional involvement outside regular work hours.

Education:

Experience (North America):

• Over 8 years of cybersecurity experience, encompassing governance, assessments, 3rd party risk, compliance, and IT/cyber risk management.
• Demonstrable knowledge and experience using/assessing against security and controls frameworks such as NIST CSF, NIST 800-53, NIST 800-37, ISO27001, or equivalent.
• Proficiency in common risk management tools like Archer, ServiceNow IRM, MetricStream, or similar.
• 5+ years of experience leading risk management processes, including risk register, treatment, and reporting.
• Over 5 years of experience performing cyber risk assessments, risk quantification, and prioritization.
• Demonstrable experience in establishing and operationalizing security metric and risk reporting programs.
• 3+ years of experience in security contract reviews (redlining) or a similar function.
• Excellent communication skills to articulate complex risk concepts to both technical and non-technical audiences.
• Strong listening skills to capture and understand stakeholder requirements for translation into effective security controls.
• 3+ years of experience and understanding of audit or compliance.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Bachelor's degree or equivalent.
• Over 10 years of experience in Information Technology, preferably in Cybersecurity.

EMAIL ME: [email protected]