CNH Industrial is a world-class equipment and services company dedicated to advancing the noble work of agriculture and construction workers. Driven by our shared purpose of Breaking New Ground, we are passionate about bringing Innovation, Sustainability, and Productivity to all that we do. As a truly global company, CNH Industrial’s 37,000+ employees form part of a diverse and inclusive workplace, focused on empowering customers to grow, and build, a better world through our core brands: Case IH, STEYR, New Holland Agriculture, CASE, and New Holland Construction.

This is an opportunity to establish and oversee our global information security risk program across multiple business units and functions.

We are seeking a bias-towards-action, results-oriented, motivated, and strategic leader who is focused on building processes and technologies that optimize the security posture for our organization.

This position is eligible for FULLY REMOTE or HYBRID work arrangements! For the hybrid model, the ideal candidate will work from Burr Ridge, IL, Sioux Falls, SD or Racine, WI.

• Oversee IT/Cyber policies, standards, and processes as it relates to certification and compliance requirements
• Lead risk assessments and risk treatment processes across multiple business units
• Ability to quantifying risk in a consistent manor and reporting up through leadership
• Create, present, and communicate security risk across functional teams
• Evaluate security frameworks and the impact they could have on business units
• Develop and maintain risk reduction approaches, and assist and manage the intake process, provide oversight and expertise in risk assessments and reviews
• Supporting Sr Leadership and CISO in the creation and tracking of top risks metrics and KPI reporting
• Review operational processes, projects, and product security controls for consistency and alignment with internal policy and standards
• Facilitate timely identification, communication, and recommended resolution of security risks
• Develop a strategic risk assessment schedule and calendar to pro-actively assess security risk across the organization
• Develop key relationships with business and technology leaders to ensure security risk reviews and assessments are performed when needed
• Ensure risk assessment and treatment activities continues to meet compliance requirements
• Create scalable process and procedures with templates and appropriate metrics
• Provide expert guidance to and coordinates the efforts of relevant IT, Business and other department leaders in documenting and maintaining risk posture
• Effectively collaborate with IT and Business Units on a consistent intake process
• Track and report on remediation of open risk and issues as identified
• Support the creation of white papers and customer facing artifacts as applicable

• Bachelor’s degree or minimum 7 years’ experience in risk assessments and risk treatment
• Three (3) plus years experience with audit, compliance and GRC software and tooling
• Three (3) plus years experience with industry security frameworks (ie: ISO, NIST, COBIT, SOX)