Job Title: Sr. Manager - Information Security, Risk and Compliance

Overview: Reporting to Director, CDK Enterprise Security, the Sr. Security Risk Manager is responsible for the CDK Cyber Security Risk Program. Responsibilities include executing CDK's strategic approach to prioritizing threats that ensure the most critical threats are handled in a timely manner. Role includes identifying, analyzing, evaluating, and addressing threats based on the potential impact each threat poses to the business. This role primarily focuses on cyber and data security risk but is a key stakeholder on the Vulnerability Management team and works closely with Internal Audit, Legal, Compliance and Corporate Security. Position requires experience with NIST CSF, ISO 27001, and ISO 31000. Operational knowledge of ServiceNow Integrated Risk Module is important being CDK's chosen tool. The scope of the role includes corporate applications, systems, networks, products, services, third party vendor risk and security awareness training for CDK.

Responsibilities:

Strategic Risk Program Development

• Map out and maintain the entire Cyber/Data threat environment and how it can impact the organization's business objectives.
• Interface with all product and corporate application owners, establish the role as business enabling while identifying and working with key stakeholders and business owners to mitigate security risks.
• Manage strategic direction and provide leadership to the security risk team.

Operational / Functional Leadership roles

• Security Risk Management program
• Third-party Risk Assessment program
• Security Training and Awareness program
• Builds and maintains recurring Sr Management Risk Reports

Collaboration and Cross-Functional Leadership:

• Helps risk owners to mitigate their risks in a business-supportive manner.

Executive Communication:

• Work with Security incident manager to develop and manage clear and concise cyber incident impact communications in business terms including impacts, and resolution strategies.
• Assist in translating technical details into actionable insights for non-technical stakeholders.

Mentorship and Skill Development:

• Provide mentorship to risk team members, fostering their professional growth and development and encourage achievement of certifications that align with the role.

Thought Leadership:

• Stay abreast of emerging cyber threats and industry best practices.
• Contribute to thought leadership by publishing internal articles, identifying and attending training to keep skills current.

Qualifications:

• Proven ability to make critical decisions under pressure and guide teams through complex risk mitigation efforts.
• Experience with NIST CSF, ISO 27001, and ISO 31000.
• Excellent communication skills with the ability to articulate technical details to both technical and non-technical audiences.
• Extensive experience in leading and managing cybersecurity risk teams.
• Advanced understanding of cybersecurity technologies, threat landscapes, and risk management.
• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field; industry certifications (e.g., CISSP, CISM, GCFA) preferred.

Salary: $140K - $175K + Bonus

Position requires 30% domestic travel to Chicago and Austin

CDK Global is committed to fair and equitable compensation practices. Compensation packages are based on several factors, including but not limited to skills, experience, certifications, and work location. The total compensation package for this position may also include annual performance bonus, benefits and/or other applicable incentive compensation plans.We offer Medical, dental, and vision benefits in addition to:

• Paid Time Off (PTO)
• 401K Matching Program
• Tuition Reimbursement

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.