This role in summary

The Director, Deputy Chief Information Security Officer is a critical senior member of the Global Cybersecurity team. This position will function as the interface between the Vice President, Chief Information Security Officer (CISO) strategic and process-based activities and the work of the Security Engineering and Operations Team. The Deputy CISO must be able to translate the risk requirements and constraints of the business into operational requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. This position will coordinate the technical operation activities to implement and manage a security shared services model, and to provide regular status and service-level reporting to the CISO and peers. 

The Deputy CISO will represent security requirements during yearly planning initiatives to ensure security measures are incorporated into strategic plans and that service expectations are clearly defined. This position has direct management responsibility for the following Global Cybersecurity functional areas: 

• Global Fusion Center, to include the Global Security Operations Center, Incident Response, Threat Surface Management and Threat Intelligence. 

• Global Security Engineering and Architecture. This organization is responsible for the selection, deployment and management of the technology stack in support of the Cybersecurity services outlined by our shared services model. This includes the definition of standards, blueprints and reference architectures that govern the proper utilization of technical controls across the global footprint. 

• Identity and Access Management Operations. This organization manages the lifecycle of all digital identities to include: provisioning/deprovisioning, Identity Governance, Access Reviews and Privileged Access Management.

Your responsibilities will include

• Manage teams, first line, and senior managers to delegate responsibilities as appropriate

• Drive strategy and business planning across the Fusion Center, Engineering/Architecture and IAM Ops functions

• Provide leadership to foster the culture required to deliver plans and projects, while encouraging innovative thinking, agility and prudent risk taking

• Actively influence application of industry trends; recognizing opportunities for transformation and embraces the role of Thought Leader within the industry

• Negotiate internal and external priorities, understanding interdependencies of business strategies and plans across the Enterprise

• Proactively build strategic relationships with senior leadership and influences strategic decision making

• Champion a risk-management culture that considers the application of security controls commensurate to the risk appetite of the organization

• Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment

• Drive and oversees effective staffing strategy, and processes in talent performance management and career development for the department

• Formally mentor other team members in career development

• Manage security incidents and participates/leads in problem and change management forums 

• Work with the CISO and business stakeholders to define metrics and develop reporting strategies that effectively communicate successes and progress of the security engineering operations programs 

• Manage all activities related to technical stack engineering, roadmapping, and the definition of strategies, standards, blueprints and reference architectures for end-point, data, network, cloud, application and IAM technologies 

• Manage and coordinates all components of incident management, including detection, response and reporting 

• Manage all activities of threat and vulnerability management and recommends treatment plans and communicate information about residual risk 

• Coordinate all aspects of Crisis Management as part of Cyber Incident Response protocols, to include a consistent process to educate employees, respond to incidents, interface with law enforcement and external service providers

• Manage all operational activities related to IAM Operations to include leading multiple vendor security teams that support the IAM organization globally for projects and day to day activities on identity management, access provisioning & deprovisioning, privileged access recertification across all Whirlpool’s IT platforms, systems and applications

• Respond to requests from auditors during the assessment of audit controls

• Create and manage plans for measuring security improvements and ensuring appropriate goals are established/tracked

• Lead projects leveraging global teams with highly matrixed resources

Minimum requirements

• Bachelor’s degree required, preferably in Computer Science, Information Systems or equivalent

• 10+ years of managing cybersecurity engineering and operations functions

• A security certification to include: CISSP, CISM, CRISC, CCISO and other technical certifications 

Preferred skills and experiences

• MBA or Master's degree in a management, scientific, technical, or engineering field

• Significant work experience with different regions/business units on risk management and leading information security initiatives

• Knowledge of information security management frameworks (example: ISO 27001/NIST CSF) 

• Demonstrated ability to foster a collaborative culture within a team to ensure goals are met and projects are delivered successfully

• Proven experience building strategic relationships and influencing senior leadership to achieve business goals

• Strong track record of mentoring and developing team members, as well as managing and leading a diverse workforce with highly matrixed resources

What we offer

Generous benefits package, Whirlpool employee discount, fitness & educational reimbursement programs, kitchenettes, and more! Saint Joseph/Benton Harbor locations: Beautiful, recently renovated office space, free coffee, biking/walking trails, and access to The Eddy - Early Childhood Center (depending upon availability - additional costs required). 

Additional information

Whirlpool’s Ways of Working

Our goal is to provide an environment that helps you bring your best to Whirlpool every day. While employees in this role work in-person Monday through Friday. We offer flexibility and industry leading time-off benefits that will help you balance what’s important at work and at home, including:

• Always On Flexibility - You will have the autonomy to manage personal, family, and outside-of-work commitments as needed. 

• Two-Week Work from Anywhere - Minimum of one-week increments for a total of two weeks per year.

• Sabbatical - Four weeks paid leave after every five years of service.

#LI-JW1