Cybersecurity Data Security Manager

The Cybersecurity Data Security Manager (DSM) is responsible for the planning, building, delivery and support of the Cybersecurity Enterprise Data Security program. This individual will provide direction and guidance to the development, specifications, and communications of the Data Security related applications, as well as provide consultation to the business units and IT management and assist in developing plans and direction for the integration of information security requirements. The DSM is also responsible for establishing and implementing the enterprise data security governance framework to ensure that data assets and associated data processing activities are adequately protected in the digital ecosystem and compliant with regulatory and internal Sherwin-Williams requirements. This will involve identifying, evaluating, and reporting on regulatory and security risk to data processing activities, working to assist with the implementation of data security policies and the evaluation and recommendations for data protection technologies. The DSM will execute the Data Security strategy for the enterprise in conjunction with key business partners, Digital Technology, and the Cybersecurity Organization.

The DSM collaborates with the data privacy organization, key business partners and the Enterprise Data Organization (EDO) to create policies and controls for the appropriate protection of business data. The DSM will work with Cybersecurity Business Enablement (BEM) and business leaders to determine acceptable levels of risk for business data, and with business units and cybersecurity partners to implement practices that meet agreed policies and standards for data security. The DSM should understand and articulate the impact of data security on the Sherwin business and be able to communicate this to executive level stakeholders.

The DSM leads research, strategy creation and implementation of new data security products or services to support the usage of identified secure data in a secure and compliant manner. The DSM conducts data security risk assessments, focused on critical business processes or applications. The DSM identifies, and suggests prioritization of, data security risk treatment for the organization and determines how to maintain and improve adherence to regulatory requirements and corporate policies.

This individual will lead a team of analysts in the data security space. This individual will also work closely with the manager of the Data Security (Technology) team. This position will report to the Sr Director, Architecture and Engineering.

The Cybersecurity Manager, Data Security is responsible for advising business, security, and technology leadership on ways to improve and maintain the data security environment. This function works with all data security related operations work. This position also serves as the subject matter expert in data security product and solution development.

• In collaboration with Cybersecurity GRC, facilitate a data security governance organization to help align setting of data security policy, enforcement of policy and execution of policy.
• In collaboration with Cybersecurity GRC, develop, socialize, publish, and coordinate approval and implementation of data security processes.
• In collaboration with Cybersecurity GRC, facilitate the necessary internal collaboration among line-of-business executives and corporate compliance, IT security, audit, legal and HR management teams to ensure alignment, as required.
• Leads the data security process function across the organization to ensure consistent and high-quality data security management in support of business goals.
• Develops outcome-driven metrics and provides regular reporting on the status of the data security program to enterprise risk teams and senior business leaders.
• In collaboration with Cybersecurity GRC, creates a risk-based process for the assessment and mitigation of any data security risk in an ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
• Works effectively with business units to facilitate data security risk assessment and risk management processes and empowers them to own and accept the level of risk they deem appropriate for their risk appetite.
• Develops, improves, and manages the data risk assessment process, in close collaboration with business stakeholders.
• In collaboration with Cybersecurity GRC, conducts regular data security risk assessments to ensure that the organization's data security policies are being adhered to.
• Works closely with technology service teams to anticipate potential data security problems associated with the use of emerging technologies.
• Ensures that business units, technology teams and third parties follow the organization's data security standards and implements measuring procedures to verify the extent to which these stakeholders meet data security policy requirements and address data security concerns.
• Collaborates with, and assists, business units and technology areas to develop corrective action plans for identified data security compliance issues.
• Facilitates and supports the development of data asset inventories that document how and why the organization collects, shares, and uses business data. The inventories must include data assets in cloud services and in other parties within the organization's ecosystem.
• Collaborates with the data management function to develop a basic data classification policy with reference to industry-specific standards; minimizes the number of data classification levels; and applies manual and automatic controls to data across the organization, according to the classification results.
• Works closely with the Data Security Architect for standards and processes.
• Builds, leads, and has management responsibility for the performance and development of a team of business analysts.
• Provides coaching guidance and direction on Data Security projects ensuring overall fit with architecture direction.

• Prepare and lead presentations as requested.
• Monitor program progress and provide visibility of program status against roadmap to full stakeholder group.
• Assist with other projects as necessary to contribute to efficiency and effectiveness of the teamwork.
• Lead internal teams/task forces on initiatives as assigned.
• Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employment opportunity policy.

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.

This position has a hybrid work schedule with three days in the office and the option for working remotely two days.

Formal Education & Certification

• Bachelor's Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business)
• One or more of the following certifications is preferred(or other, similar credentials): Certified Data Security Professional (CSA - CDSP), Certified Information Security Professional - Data Security Governance (CISP - DSG), Certified Information Security Assurance Worker - Data Security Post Capability (CISAW-DSP), Certification for Cyber Security Competence - Data Security Management (CCSC - Data Security Management).

• 8+ years of IT experience
• Supervisory experience preferred or Team Responsibility
• Experience with Data Security systems and processes, 6+yrs preferred.

• Supervisor experience or Team responsibility preferred.
• Experience large scale IT initiatives a plus.
• Experience working with internal clients and/or external agencies/partners.
• Proven experience securing cloud platform environments (Oracle, GCP, AWS, Azure).
• Demonstrated success in establishing strategic objectives and driving tactical execution of initiatives aligned with company goals and objectives.

• High credibility with leadership, while also able to connect and build trust-based relationships with stakeholders at all levels of the organization.
• Ability to focus/align the organization around critical initiatives, policies, and best practices.
• Strong customer orientation
• Strong written and oral communication skills
• A proven track record of setting and meeting aggressive goals and action plans, both as an individual and with a team
• Accountable to influence employee commitment to the organization and to the team
• Commitment to fostering a culture of inclusion and diversity.
• Occasional travel is required.
• Work outside the standard office 7.5-hour workday may be required.