
Assistant Manager-IT Risk Management

S&C Electric Company
United States, Illinois, Chicago
6601 North Ridge Boulevard
Mar 27, 2026

As an S&C Electric team member, you'll work on projects that have real-world impact. You'll help transform the grid for resilient and reliable power worldwide. S&C has a history of innovation spanning more than 100 years and has been 100% employee-owned since 2012. We continue this legacy as a trusted, forward-thinking leader in the electrical industry. You will advance a safer, more reliable, and more resilient electrical grid. Our products help the grid adapt to severe weather and transition to clean energy. We're big enough to be a respected industry leader but small enough for you to impact our company directly. Our commitment gives you opportunities to make a positive impact on and off the job.

Join S&C to make an impact on tomorrow's energy challenges and become an employee-owner.

Hours

  • 8:00 am - 5:00 pm (Mon-Fri) On-Site

Compensation

At S&C, we are dedicated to providing competitive and equitable compensation for all our team members, and we are committed to transparency in our pay practices. The estimated annual base salary range for this position is $128,084 - $169,711.30. Individual pay within this salary range is determined by several compensable factors, including performance, knowledge, job-related skills and experience, and relevant education or training. This role is also eligible for S&C's annual incentive plan (AIP), subject to eligibility criteria.

Join Our Team as an Assistant Manager-IT Risk Management!

The Information Technology team is responsible for designing, implementing, and maintaining a robust technology infrastructure to support the organization's operations. From improving cybersecurity and troubleshooting technical issues to driving innovation through cutting-edge solutions, the IT team ensures seamless connectivity, data security, and optimal functionality, empowering the company with a reliable and efficient digital ecosystem aligned with strategic goals.

The Assistant Manager-IT Risk Management is responsible for the day-to-day operations of the Information Security function including execution of the information security strategy, safeguarding the organization's digital assets, and mitigating cyber threats. This leadership role involves collaborating within the IT Cyber Security team, among IT teams and across the business, and leading a team responsible for information security governance, ensuring strong security posture management. Using a risk-based, proactive approach, the Assistant Manager works closely with the Director-IT Risk Management to maintain a resilient security infrastructure and foster a culture of awareness within the organization.

Essential Functions

Key Responsibilities:

  • Day-to-Day Leadership: Lead and mentor the assigned information technology team, including the information security function, ensuring the day-to-day operational goals are met. Conduct regular performance reviews, provide feedback, and identify opportunities for professional development.

  • Operational Management: Lead the day-to-day operation and governance of S&C's ISO/IEC 27001 Information Security Management System (ISMS), including ownership of the ISMS processes, enabling platforms, and supporting documentation. Manage the enterprise information security risk assessment and risk register, risk treatment plans, control implementation tracking, and alignment to the Statement of Applicability. Coordinate internal audits, external certification and surveillance audits, management reviews, and the remediation of audit findings and opportunities for improvement (OFIs). Own the ISMS policy and standards life cycle to ensure timely development, review, approval, and communication. Oversee supporting information security programs and services such as data classification and handling, data loss prevention, and disaster recovery. Ensure timely resolution of information security incidents, risks, audit actions, and improvement initiatives, and drive effective implementation and maturation of security controls, processes, and procedures to support audit readiness, operational efficiency, and continuous improvement of S&C's security posture.

  • Performance Monitoring: Develop, monitor, and report on key performance indicators (KPIs) and risk-based metrics to assess the effectiveness and efficiency of information security and ISMS operations. Leverage Microsoft Purview metrics, including Data Loss Prevention (DLP) Activity Explorer and Data Explorer insights, ISMS performance and compliance KPIs, and audit-readiness indicators related to control operation, evidence completeness, and remediation timeliness. Analyze performance data and trends to identify gaps, inform risk-based decisions, and recommend process and control improvements, ensuring alignment with upstream IT risk, compliance, and enterprise performance metrics.

  • Strategy Support: Provide recommendations for key results, initiatives, and individual goals based on gaps in ISO 27001 controls, CIS benchmarks, and other identified risks. Regularly assess and report on the effectiveness and impact of cybersecurity initiatives to support informed decision-making and risk reduction.

  • Information Security Culture: Collaborate with leadership, IT teams, and S&C's functional areas to identify, develop, implement, and maintain processes and controls to reduce information technology risk. Recommend information security objectives and ensure business functions understand the importance and impact of information security and risk within their areas of responsibility. Encourage and enable others to champion information risk management.

  • Documentation: Maintain thorough, organized, current, and accurate records and documentation. Develop and present regular reports on ISMS performance, metrics, and project status to senior management.

  • Initiatives Management: Lead and participate in IT and cybersecurity projects and initiatives related to information security, ensuring successful implementation and adoption of technologies, processes, controls, and systems that strengthen security posture management. This includes initiatives such as Microsoft Purview data protection and compliance capabilities, secure collaboration platforms, regulatory and customer-driven frameworks (e.g., NIST SP 800-171), and business impact analysis and business continuity planning (BIA/BCP). Ensure initiative requirements, dependencies, timelines, and key results are clearly defined, governed, and met to deliver the intended risk-reduction and business outcomes.

  • Supplier Management Support: Coordinate with external suppliers, service providers, and business stakeholders to ensure quality, cost-effective, and risk-appropriate services for the information security function. Manage vendor relationships and support contract negotiation and renewal activities as needed, including third-party risk assessment platforms (e.g., UpGuard). Oversee supply chain risk management (SCRM) due diligence, including vendor risk reviews, renewals, and ongoing monitoring, and support customer security questionnaires, assurance requests, and information security review requirements tied to sales and contracting processes. Coordinate information security input into contract reviews and assurance workflows to ensure alignment with applicable standards, regulations, and customer contractual obligations.

  • Budget Support: Support the budgeting process for the information security function and associated costs. Monitor expenses and ensure cost control and efficiency.

  • Compliance: Understand and comply with all applicable Company policies and rules.
  • Maintain regular and punctual attendance.

  • Attend in-person or virtual meetings as requested or required.
  • Communicate effectively and respectfully with others.
  • Other responsibilities as assigned.

Education & Required Qualifications

  • Bachelor's degree in Information Systems, Computer Science, Business, or equivalent experience.

  • 5+ years of experience in Information Security or a related role.

  • Demonstrated experience managing a security team and/or security projects.
  • Sound knowledge of information security and compliance principles and best practices.
  • Experience in using and administering OneTrust, M365 Purview, or similar platforms is preferred.
  • Practical knowledge of ISO 27001:2022 and related standards.
  • Ability to collaborate effectively with cross-functional teams and external vendors.
  • Possess a collaborative and risk-based mindset and great communication skills.
  • Good leadership skills with an ability to lead, guide, motivate, and delegate to deliver results, embrace change, drive decisions and outcomes, embrace culture and inclusion, and exhibit integrity.
  • Great organizational, planning, and project management skills, creatively problem-solving issues and juggling a portfolio of initiatives.
  • Great communication skills (written, verbal, listening, and presentation); able to liaise effectively with internal and external stakeholders to drive decisions and achieve targeted results.
  • Great interpersonal skills to establish meaningful relationships built on mutual trust and respect, navigate and resolve conflict, moderate behaviors, and foster collaborative working relationships amongst a diverse audience.
  • Ability to use business acumen and analytical skills to analyze data to drive informed decisions and problem-solve issues.
  • Foundational financial acumen with the ability to provide input to budgetary processes for fiscal effectiveness.
  • Ability to travel as required.

Preferred

  • Demonstrated leadership experience within an IT function.
  • Relevant cybersecurity certifications (e.g., Security+, CISM, CISSP).

S&C Electric is committed to equal-opportunity employment. All employees and applicants will be considered without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at TAsupport@sandc.com.

No fixed deadline
