Director, Cybersecurity, Risk & Compliance at Pentair Management Company in Golden Valley, Minnesota

Job Description:

Job Description:

At Pentair, you will work along-side passionate problem-solvers who are committed to the future and are focused on creating a healthier world for all. Throughout our 120 global locations, our values guide us as we create innovative solutions for the world's water challenges. We bring water to life!

As a Pentair employee, you would enjoy a wide array of benefit options to help keep you and your family healthy and protected, a generous 401(k) and ESPP to help you save for retirement, plus paid time off and wellness programs to encourage a healthy work/life balance.

We have an opportunity for a Cybersecurity, Risk & Compliance Director to join our Golden Valley, MN team. The Director, Cybersecurity Risk & Compliance will be responsible for planning, implementing and maintaining the cybersecurity governance, risk management, and compliance program within Pentair. This position will work closely with other leaders throughout the organization to ensure that Pentair's information and critical assets are properly identified and protected..

You will:

• Lead the security governance, risk management, and compliance function for Pentair IT Security.


• Develop and maintain the security risk management roadmap to align with regulatory and legal requirements.


• Build and mature Pentair's policy and control framework supporting various standards (e.g., NIST Cybersecurity Framework, ISO 27001, CIS CSC) and regulatory/compliance requirements (e.g., Sarbanes Oxley, GDPR, PCI-DSS).


• Develop, communicate, and manage information security policies, standards, baselines and practices supporting information security frameworks.


• Oversee the approval, training, and dissemination of security policies and practices.


• Work across functions to develop and maintain security playbooks, including incident management, vulnerability assessment, disaster recovery, awareness and training, endpoint protection.


• Collaborate with legal to ensure security controls support global privacy and data protection requirements.


• Drive the third-party risk management process by working closely with legal and procurement.


• Develop and maintain a risk-based framework to mitigate and monitor third-party risk.


• Complete customer information security questionnaires. Provide external information on Pentair's internal security capability and practices in support of business objectives.


• Identify vulnerabilities for websites, communicate and educate stakeholders about website and ecommerce risk, work with developers to remediate issues, track and report progress.


• Review and approve exceptions to security policy and firewall changes to ensure residual risk does not exceed risk appetite.


• Design and implement an overall cyber risk management framework for the organization, including conducting risk assessments, documenting, evaluating and tracking status of risks and risk treatment plans (remediation or risk acceptance), and producing and communicating a risk register to key stakeholders.


• Work directly with business units to facilitate cyber risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.


• Identify and quantify enterprise cybersecurity risk and update Pentair's risk register quarterly.


• Partner and communicate with internal and external audit concerning changes to the security program, risk profile, and status of major security projects.


• Coordinate with internal and external auditors and PCI assessors to ensure Pentair's continued compliance with PCI, Sarbanes Oxley, and other audit standards relevant to the organization.


• Automate common repetitive audit tasks to reduce time and effort spent in preparing for internal and external audits.


• Maintain and mature comprehensive security awareness and training program.


• Partner with business stakeholders across the company to raise awareness of risk management concerns.


• Promote sharing of expertise through consulting, presentation, and documentation.


• Communicate the value of Cyber Risk, Compliance, and Information Security within the organization clearly and interact effectively at multiple levels of the organization, and influence as warranted and appropriate.


• Lead development of security KPIs, metrics, and monitoring processes to ensure compliance, provide feedback on effectiveness, and provide the basis for appropriate management decisions.


• Identify enterprise critical assets and ensure the availability, integrity, and confidentiality of those assets by performing and documenting risk analysis, recommending cost-effective security solutions, and overseeing projects to implement approved controls.


• Establish procedures to address security incidents and partner with executive leadership to investigate and resolve security breaches.


• Oversee incident response, and coordinate efforts to restore and recover from events that may negatively affect information, systems and critical infrastructure that support business functions.


• Remain up-to-date on legal and regulatory changes, emerging threats and evolving technologies and implement appropriate control mechanisms based on risks within Pentair's environment.


• Coordinate security efforts with operational security and connected IoT security to ensure seamless coverage of Pentair's critical assets, data, application, informational property, networks, servers, and endpoints.

Key Qualifications:

• Bachelor's degree


• Ten to fifteen years of experience in a combination of risk management, information security, and IT jobs


• Strong understanding of strategic business imperatives and be able to articulate risk in the context of business objectives, he or she will have a deep working knowledge of relevant compliance, privacy, regulatory frameworks (e.g., ISO, SOX, GDPR) and Payment Card Industry (PCI) Data Security Standard (DSS)


• Knowledge of common information security management frameworks (e.g., ISO, NIST, CSC)


• Experience implementing and executing cyber risk management methodologies and processes


• Excellent written, verbal and nonverbal communication skills, including the ability to communicate security and risk-related concepts to technical and nontechnical audiences at all levels of the organization as well as third-party executive and government agencies


• Ability to articulate risks and recommended remediation/mitigation actions


• Ability to successfully interact with and influence IT staff to quickly and successfully address IT audit findings and control gaps


• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams


• Proven ability to lead teams through change, including M&A activities


• Experience in policy development, implementation, socialization and training

#LI-TS

Pentair is an Equal Opportunity Employer

Diversity and Inclusion:

With our expanding global presence, cross-cultural insight and competence are essential for our ongoing success. We believe that a diverse workforce contributes different perspectives and creative ideas that enable us to continue to improve every day. Race, gender, ethnicity, country of origin, age, personal style, sexual orientation, physical ability, religion, life experiences and many more factors contribute to this diversity.

We take ongoing action to improve the diversity of our workforce by:

• Ensuring leadership involvement and ownership


• Attracting and retaining diverse talent at all levels


• Fostering a globally aware, inclusive culture


• Ensuring our practices are fair and non-discriminatory