Senior Manager, Cybersecurity Governance, Risk and Compliance (GRC) (HYBRID)
HUNT VALLEY, MD, US, 21031
McCormick & Company, Inc., a global leader in the spice, flavor, and seasonings industry, is seeking a full-time Senior Manager - IT Governance, Risk and Compliance (GRC). The Senior Manager, IT GRC will report to the Deputy CISO. This new hire will work at McCormick's global headquarters in Hunt Valley, MD and will be eligible to participate in McCormick's hybrid work program (50% onsite and 50% remote per month).
McCormick & Company, Incorporated is a global leader in flavor with approximately 14,000 employees worldwide. With over $6 billion in annual sales across 160 countries and territories, we manufacture, market, and distribute spices, seasoning mixes, condiments, and other flavorful products to the entire food industry including e-commerce, retail, food manufacturers and foodservice businesses. Our most popular brands include McCormick, French's, Frank's RedHot, Stubb's, OLD BAY, Lawry's, Zatarain's, Ducros, Vahiné, Cholula, Schwartz, Kamis, DaQiao, Club House, Aeroplane, and Gourmet Garden. Every day, no matter where or what you eat or drink, you can enjoy food flavored by McCormick. Our Purpose is "To Stand Together for the Future of Flavor" and our Vision is "A World United by Flavor—where healthy, sustainable and delicious go hand in hand."
As a company recognized for its exceptional commitment to employees, McCormick offers a wide variety of benefits, programs, and services. Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, 401(k), profit sharing, paid holidays, and vacations.
POSITION OVERVIEW:
The Senior (Sr.) Manager Cybersecurity Governance, Risk and Compliance (GRC) oversees and manages cybersecurity risk, compliance, security education and awareness and third-party risk management programs. The ideal candidate will be a strategic leader with a track record of developing global information risk management, policies, standards, frameworks, compliance monitoring, and implementing scalable risk identification, assessment, monitoring, and reporting methodologies. In this position, the Sr. Manager will be tasked with the development, implementation, and maintenance of the cybersecurity governance framework, while also ensuring alignment with the organization's objectives. The expertise of the Sr. Manager will be vital in identifying and managing IT and cybersecurity-related risks, including those from third-party vendors.
A significant part of this role involves ensuring that the organization adheres to all relevant regulations and standards, such as SOX and NIST. The Sr. Manager will also be involved in the creation, review, and updating of global information security policies, procedures, and standards.
This role further encompasses managing third-party risks by conducting risk assessments and ensuring that all vendors meet the company's security and compliance standards. As a part of this, the Sr. Manager will oversee vendor relationships, making sure that contractual obligations related to cybersecurity governance, risk, and compliance are fulfilled.
A key aspect of this role involves providing robust support for both internal and external audits. This includes coordinating resources, providing necessary documentation, implementing audit recommendations, and facilitating resolutions to audit findings. The Sr. Manager will be responsible for developing action plans to mitigate identified risks, including those discovered during audits.
Additionally, the Sr. Manager will develop a robust cybersecurity education and awareness program plus training and guidance to employees on IT controls compliance matters, third-party risk management, and audit processes. Regular reporting to executive management on all areas of responsibility will also be a crucial aspect of this role. This role demands a deep understanding of governance, compliance best practices, information and third-party risk management practices, audit procedures, and information security principles and technologies. It requires exceptional leadership, communication, analytical, and problem-solving skills, along with the ability to manage multiple priorities and projects effectively. Ethical conduct, professionalism, and a commitment to confidentiality and integrity are fundamental to this role.
This position offers the opportunity to make a significant impact on the organization by ensuring the security and integrity of systems and processes. The expertise of the Sr. Manager will help to mitigate risks, ensure regulatory compliance, expand the cybersecurity knowledge of workforce, manage third-party vendor relationships, and provide essential audit support.
RESPONSIBILITIES:
Information Risk Management
- Develop, implement, and maintain the IT governance framework and associated strategy across the organization.
- Identify and manage IT-related risks to ensure the security, integrity, and efficiency of the organization's IT infrastructure.
- Develop and implement action plans to mitigate identified risks, including those identified during audits.
- Implement IT Risk Management workflows in a GRC tool.
- Regularly report to senior management and board of directors on risk management activities and potential impact.
- Stay informed about latest IT trends and advancements that could affect the organization's risk management strategy.
Compliance and Audit Support
- Ensure compliance with relevant regulations and standards, such as SOX and NIST.
- Oversee the creation, review, and update of IT policies, procedures, and standards to ensure compliance.
- Support internal and external audits by coordinating resources, providing necessary documentation, and implementing recommendations.
- Facilitate the resolution of audit findings and recommendations by collaborating with the relevant teams and stakeholders.
- Implement IT Compliance workflows in a GRC tool.
- Provide training and guidance to employees on IT compliance matters and audit processes.
- Regularly report to senior management and board of directors on compliance efforts and audit outcomes.
- Stay informed about changes in laws and regulations that could affect the company's IT governance framework and audit processes.
Third Party Risk Management
- Identify and manage risks associated with third-party vendors as part of the organization's IT risk management.
- Conduct third-party risk assessments and ensure all vendors meet the company's security and compliance standards.
- Manage relationships with third-party vendors, ensuring contractual obligations related to IT governance, risk, and compliance are met.
- Develop and implement strategies to manage and mitigate third-party risks.
- Implement Third-Party Risk Management workflows in a GRC tool.
- Provide training and guidance to employees on third-party risk management.
- Regularly report to senior management and board of directors on third-party risk exposure.
- Stay informed about the latest advancements in third-party risk management strategies.
Cybersecurity Education & Awareness
- Develop the cybersecurity education and awareness strategy and program.
- Manage simulated phishing campaigns and the associated training, with continuous improvement of click-rate and reporting-rate metrics.
- Ensure annual and new-employee security orientation content is refreshed each year and remains effective.
- Provide public service announcements and regular security awareness touch points to increase workforce understanding of their role in cybersecurity.
- Measure improvements in workforce cybersecurity knowledge with KPIs.
QUALIFICATIONS:
- Bachelor's Degree in Computer Science, Engineering, Business Management or other related field
- At least 8 years of experience in a Cybersecurity management role, with demonstrated expertise in cybersecurity governance, risk management, compliance, third-party risk management, and audit support.
- 8+ years of proven leadership experience, with 6+ years of experience managing large cross-functional teams/projects.
- In-depth knowledge of IT governance and operations, including designing and implementing security policies and procedures.
- Strong understanding of risk management principles and compliance requirements related to cybersecurity and IT.
- Proficiency in managing third-party risks, including conducting risk assessments, and managing vendor relationships.
- Ability to provide training and guidance to employees on IT compliance matters, third-party risk management, and audit processes.
- Experience regularly reporting to senior management on compliance, risk management activities, third-party risk exposure, and audit outcomes.
- Experience conducting audits, coordinating with auditors, and implementing audit recommendations.
- Experience using a GRC tool to manage Information Security Risk, Compliance and Third-Party Risk workflows.
- Broad and comprehensive knowledge of cybersecurity capabilities is required.
- Excellent leadership and team management skills.
- Strong verbal and written communication skills, with the ability to effectively communicate complex cybersecurity and IT issues and concepts to non-technical stakeholders.
- High level of analytical and problem-solving skills.
- Ability to manage multiple priorities and projects effectively.
- High ethical standards and a commitment to confidentiality and integrity.
McCormick & Company is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future.
Nearest Major Market: Baltimore