The mission of the Global and Information Security (G&IS) Office is to protect Rockwell Automation information and our ecosystem of customers, suppliers, distributors, and partners from the ever-changing global threat landscape. This includes identifying appropriate security control objectives and requirements that balance security with business productivity to protect the Company's assets. The Security Risk Specialist, as a member of the G&IS Office, is responsible for working with many business units across Rockwell Automation (IT, business unit leads and liaisons, and various other internal/external stakeholders) to assess and manage risk.
One of the primary responsibilities of the Security Risk Specialist is to perform technical risk assessments of third parties prior to the Company establishing business relationships with these entities. Third parties include entities that provide services or products to Rockwell Automation, including contractors, engineering services suppliers, manufacturers, and technology vendors. All third parties are required to comply with information security requirements defined by the Rockwell Automation G&IS Office. Prior to entering into contractual agreements, and periodically thereafter, the Security Risk Specialist assesses current information security practices, processes, and capabilities of third parties with access to Rockwell Automation facilities, systems, or sensitive Rockwell Automation information to ensure they meet Company requirements. As necessary, he or she will work with the third parties to mitigate any deficiencies and schedule periodic reviews to ensure there is continued use of acceptable information security practices. The Security Risk Specialist will work with senior leaders for escalation as needed. The Security Risk Specialist is also responsible for reviewing third party legal agreements in coordination with the Office of the General Counsel's Contracts & Negotiations team and Privacy Office to ensure all agreements meet Rockwell Automation's information security and regulatory requirements.
Key responsibilities of the role
Including but not limited to:
Collaborate on security requirements and control objectives.
Develop and manage risk metrics.
Collaborate with IT in the selection and deployment of security tools and processes.
Develop, evaluate, and implement practices, processes, and technologies for third party risk management.
Assess third party compliance with Rockwell Automation information security requirements.
Conduct periodic technical assessments of third party information security practices.
Conduct reviews of third party contractual agreements and statements of work to protect Rockwell Automation from security and regulatory risk.
Provide technical investigations support to the G&IS Global Security team as needed.
Provide general security guidance for Company investments, whether internal processes, enhancements, or governance programs.
Leadership/Change: The Security Risk Specialist must have the ability to embody the desired security culture of Rockwell Automation in order to garner support and collaborate across the enterprise. Security is a domain which is constantly changing and this position requires someone who passionately maintains ongoing awareness of the changing threat environment as well as best practices to mitigate the dynamic nature of the risks faced by our Company. This position requires confidence in vocalizing potential for process improvements to strengthen Rockwell Automation's ability to reduce risk.
Interpersonal: The G&IS office must frequently convince the businesses and functions in the Company to cooperate with security requirements. Therefore, the Security Risk Specialist must be able to translate technical information into understandable business language to communicate effectively while having a demeanor that encourages cooperation. The Security Risk Specialist must be able to handle conflict tactfully and professionally, as there will be times when the G&IS Office will need to interrupt, delay, or change business operations based on security issues.
Business: The Security Risk Specialist must understand the Company's growth and performance priorities, and create innovative, proactive strategies that balance security and productivity. The candidate must be forward-looking while at the same time reacting to new security threats and vulnerabilities that are faced by the Company.
5 years of relevant professional experience with at least 2 years in a position involving information technology or security
Required Candidate Attributes
Skills Knowledge Experience Education
Familiarity with common project management practices
Fundamental understanding of IT security principles, such as physical, technical, and administrative security controls, vulnerability and patch management, etc.
Information Processing Capability
Risk management focus is essential - the ability to consider a complex array of information, including prediction of future events, to make risk-based decisions or recommendations.
Must be able to understand different operating environments, such as onsite and cloud deployments.
Must be able to understand and integrate various data points, as third parties may vary from hardware vendors to engineering service providers.
Must be able to effectively communicate complex information such as internal practices and standards.
Passionate about the team's mission
Very strong ethics and integrity
Must possess strong influential skills and remain calm under pressure
Must work collaboratively within and outside the G&IS Office.
Must be able to tolerate tight deadlines in a team environment.
Must treat colleagues, customers within the business units, and third parties with respect and professional courtesy.
Accepts Role Requirements
Available to be reasonably flexible with working hours to accommodate global team
Must demonstrate a degree of flexibility should tasks arise that are outside of the individual's expertise, within reason.
Must be able to communicate discomfort or uncertainty with tasks that may fall outside of his/her capabilities.
Preferred Attributes and Qualifications
Bachelor's Degree from accredited institution, preferably in Information Technology, Computer Science, or other related
Experience in reviewing a wide range of technology and service use cases to interpret appropriate security controls.
The above statements are intended to describe the general nature and level of work being performed by people assigned to the job. They are not intended to be an all-encompassing list of responsibilities, duties and skills required of personnel. Reasonable accommodations will be made if necessary. This position conducts tasks in accordance with applicable health, safety, quality and environmental regulations (state/federal laws, ISO 9001, ISO 14000, etc.) as well as Rockwell/Rockwell Automation policies and procedures.
Internal Number: R21-244
About Rockwell Automation
When you choose Rockwell Automation, you join countless talented employees who have helped us establish our leadership position in the automation industry over the past century.
You join a diverse, inclusive and global community with a passion for innovation. A place where you can partner with great minds and inspiring people. And a corporation backed by the financial strength that drives growth – and career opportunities.
As much as we focus on our customers, we know our employees are key to our success and future. Helping you develop a rewarding career is a top priority. Because when you succeed, we succeed.