A culture of diverse perspectives. Coworkers who collaborate to go above and beyond. Motivated individuals who lead by example. This is what CDW is about. Our legacy of innovative thinking and vision for customer-centric technology positions us for continued success in our industry—and for you in your career.
What you will do:
Your role at CDW is of the utmost importance to the company’s mission, objectives, and reputation. As the Sr. Manager, Security Risk Management, you will streamline, automate, and scale security compliance programs across CDW’s growing global business units.
You will be responsible for operationalizing and scaling new GRC capabilities, developing a unified process risk control taxonomy, and establishing policies and standards to meet regulatory and contractual requirements. You will collaborate closely with business customers to translate information security risks into understandable terms and provide guidance on risk mitigation. The ideal candidate has a strong background in information security, GRC frameworks, and risk management, with a focus on continuous process improvement.
GRC Program Development: Design, configure, and implement GRC processes and technology, including policy management, process risk and control alignment, and risk acceptance, issues and exceptions tracking. Customize GRC processes to meet specific organizational and customer requirements.
Policies and Standards Development: Establish information security policies, standards, and guidelines in line with regulatory and contractual requirements. Continuously update and enhance them to address emerging threats and industry best practices.
Regulatory Compliance: Ensure compliance with applicable regulatory requirements, such as GDPR, HIPAA, and PCI-DSS. Monitor changes in regulations and update policies and controls accordingly.
Contractual Compliance: Review contractual agreements and requirements related to information security, privacy, and compliance. Identify gaps and develop strategies to meet contractual obligations.
Risk Assessment and Analysis: Conduct risk assessments to identify, evaluate, and prioritize information security risks. Develop risk mitigation strategies and work with stakeholders to implement controls and measures.
Continuous Process Improvement: Identify opportunities for process improvement within the GRC program. Regularly assess and refine GRC processes, policies, and controls to enhance efficiency and effectiveness.
Stakeholder Engagement: Collaborate with business customers to translate information security risks and requirements into business terms. Facilitate risk discussions, provide guidance, and promote risk-aware decision-making.
Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees on information security risks, policies, and controls. Foster a culture of security awareness and compliance.
Reporting and Metrics: Generate regular reports on compliance status, risk posture, and effectiveness of controls. Define key metrics and performance indicators to measure the success of the GRC program.
What we expect from you:
We value experience, skills, drive, aptitude, and attitude over university degrees and certifications.
10 years in information security, GRC, or related roles, with a focus on building GRC modules and developing policies and standards to meet regulatory and contractual requirements.
3 years' experience leading an effective team.
Strong knowledge of GRC frameworks (e.g., ISO 27001, NIST Cybersecurity Framework), risk management methodologies, and control frameworks.
Familiarity with regulatory requirements, such as GDPR, HIPAA, and PCI-DSS, and experience implementing controls to meet these requirements.
Excellent understanding of information security principles, risk assessment methodologies, and security controls.
Experience with GRC tools and platforms is preferred.
What you can expect from us:
Diverse, award-winning culture and work/life benefits.
An inclusive culture that empowers you to bring your best true self and your best ideas. We know diverse perspectives lead to better problem solving and better solutions for our customers.
A learning environment that empowers you to develop your career with comprehensive resources and support, ongoing education and skills-development training, and robust advancement opportunities.
Health, dental, and vision coverage; coworker stock purchase program; paid vacation time and sick days; tuition reimbursement; coworker discounts; and other generous perks.
Who we are:
We make technology work so people can do great things.
Lincolnshire, IL
CDW Corporation provides integrated information technology (IT) solutions to business, government, education, and healthcare customers in the United States, the United Kingdom, and Canada. It operates through three segments: Corporate, Small Business, and Public. The company offers discrete hardware and software products, as well as integrated IT solutions, including mobility, security, data center optimization, cloud computing, virtualization, and collaboration.
Its hardware products comprise notebooks/mobile devices, network communications, desktop computers, video monitors, enterprise and data storage products, printers, and servers; and software products include application suites, security, virtualization, operating systems, and network management. The company also provides warranties, managed services, and consulting design and implementation services. CDW Corporation was founded in 1984 and is based in Lincolnshire, Illinois.