Information Security, Technical Manager in Marysville, OH at ScottsMiracle-Gro

Date Posted: 11/17/2019

Job Snapshot

Job Description

Here at Scotts Miracle-Gro there is no such thing as a typical day.  Our culture is constantly energized by new and exciting growth opportunities and at a rapid pace.  Every Associate plays an important role in providing innovative solutions for today’s gardeners and growers and contributing new ideas to improve operations. In our company you need grit, it is what we were founded on over 150 years ago and is what keeps us growing. Regardless of your level in the organization there is a platform for your voice to be heard and the ability to influence change. Family, community and hard working values are weaved into all that we do. Come grow with us, where we develop and nurture the next generation of leaders. ​

We are looking for a Technical Manager, Global Information Security, who will join our Business Transformation (IT) team in Marysville, OH.

 

This position will be based at The Scotts Miracle-Gro world headquarters in Marysville, a suburb of Columbus, OH.  Not familiar with Columbus? Visit columbusregion.com/columbus-2020/

The Scotts Miracle-Gro Company recognizes that our continued long-term success depends on executing not only our strategy, but also protecting our brands, our assets, and our data.  The confidentiality, integrity and availability of Scotts’ information assets and IT resources, as well as the adherence to laws and contractual obligations regarding information processing, is critical to the mission of the Company.  To support that mission, the company continues to invest significant capital and resources to improve our information security capabilities. The Technical Manager, Global Information Security is a key member of the Information Security team responsible for developing and implementing these long-term Information Security strategies for the Company. This position and the Information Security team play a key role in protecting our assets from events that may have a negative impact to the Company and its shareholders.  We are looking for high-performing and high-potential candidates who can make a significant and immediate contribution to our team.

What you’ll do in this role:

  • Create, maintain and report metrics on security domains.  Perform root cause analysis, recommend and implement continuous improvement process opportunities based on the results of such metrics.

  • Perform risk assessments of third party IT systems or services.

  • Analyze data outputs of security monitoring tools and proactively drive appropriate security measures to protect enterprise assets and the end users.

  • Collaborate with Business Partners and works cross-functionally with departmental team members.

  • Plan, evaluate, recommend, design and implement security solutions for moderately complex projects, including preparation of cost justifications, use cases, alternative solutions, and technical recommendations.

  • Present security concepts, technologies and plans to broad audience groups.

  • Establish sustainable, efficient ongoing processes to ensure security solutions are operated effectively.

  • Maintain up-to-date knowledge and understanding of information security threats, vulnerabilities, practices, principles, and solutions.

  • Coordinate independent 3rd party audits, assessments, penetration testing, vulnerability scanning, and reporting to internal and external entities as required to fulfill compliance obligations.

  • Support efforts to implement a Governance, Risk and Compliance solution.

  • Ensure remediation activities are assigned to appropriate individuals, action plans are established and approved by management, and remediation progress is tracked and reported to completion.

  • Prepare and presents information security and compliance risk dashboard metric reports for a variety of targeted audiences, including technologists and executive leadership.

  • Coordinate activities associated with the Business Information Security Council and other information security related steering committees, including scheduling, agendas, presentation and meeting materials, speakers, and meeting minutes.

  • Coordinate research, interviews, drafting, reviews, revisions, approvals and publication of information security-related policies, standards and procedures.

  • Coordinate activities and track metrics associated with information security education and awareness initiatives (e.g., awareness articles, online course content, presentation materials, simulated phishing campaigns, etc.).

What you’ll need to be successful:

  • Bachelor degree in Computer Science or related field, OR equivalent combination of education and/or experience.

  • CISSP, CISM, GSEC, CEH or other relevant information security certifications are desired.

  • Working knowledge of Information Security frameworks, practices and principles (e.g. ISO 27X, COBIT, CSC, NIST, OWASP TOP 10, GAPP, etc.) and is experienced in creating and implementing metrics that measure high performance.

  • Working knowledge in technical areas (e.g. network security, web security, anti-virus/anti-malware, data loss prevention, identity & access management, cryptography, application security, threat and vulnerability management, security event monitoring, incident response, forensics, etc.)

  • Working knowledge in implementing sustainable processes that support Information Security strategies, technologies and best practices.   

  • Experienced in successfully dealing with Information Security breaches and or other security incidents that have fostered “lessons learned”.

  • Working knowledge of enterprise network infrastructures including perimeter security and remote access services.

  • Working knowledge of Risk Assessments and analysis methodologies.

  • Working knowledge of generally accepted change, problem and incident management principles (e.g. ITIL)

  • Working knowledge of IT-related laws and compliance mandates including Governance and Risk Compliance (e.g. Sarbanes Oxley 404, PCI DSS, HIPAA/HITECH, Personal Information Privacy).

  • Strong analytical, problem solving and conceptual skills to identify and deliver high performing solutions.

  • Strong verbal, written and presentation communication skills, with an ability to express complex technical concepts in understandable business terms to Departmental Leadership, Senior Level Leadership and Audit Committee Board Level Leadership.

  • Working knowledge in project management principles, and has the ability to delivery of high quality solutions on time and within budget.

  • Strong interpersonal skills with the ability to work on cross-functional project teams and foster team commitment to tasks as well as collaborate with Business partners.  

Non-Technical skills:

  • Problem Solving & Analysis

  • Business Acumen

  • Communication & Leadership

  • Relationship Building

  • Creativity & Innovation

  • Influence & Organizational Savvy

  • Planning & Organizing

What we do for you (just to list a few cool ones):

  • Offer extremely competitive benefits including: Health, Dental and Vision coverage.

  • Onsite wellness center which includes: 2,400 sq. ft. fitness center, Walgreens pharmacy and Doctor’s office.

  • Beautiful campus and corporate offices designed like a log cabin offering free coffee, chef-run cafe and the best crushed ice!

  • Unbelievable 401K match (up to 7.5%) and discounted stock purchasing program (15% discount).

  • Our commitment to diversity and inclusion includes four employee resource groups: Scotts Women’s Network, Scotts Black Employee Network, Scotts Veterans Network and Scotts Young Professionals.

  • Generous holiday and vacation days.

Not interested in this role? Stay up to date on future opportunities by joining our ScottsMiracle-Gro and Hawthorne Gardening talent networks.

Scotts is an EEO Employer, dedicated to a culturally diverse, drug free workplace.

EEO/AA Employer/Minority/Female/Disability/Veteran/Sexual Orientation/Gender Identity

Notification to Agencies:

Please note that the Scotts Miracle-Gro company does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Master Service Agreement, and specific approval to submit resumes to an approved requisition, the Scotts Miracle-Gro company will not consider or approve payment regarding recruiter fees or referral compensations.

.