Vice President - IT, Cybersecurity, Risk and Compliance

Why Work at Rehlko

We have met today's energy needs while planning for tomorrow's for over 100 years. Beginning with the first modern generator, the Rehlko Automatic Power & Light, launched in 1920, Rehlko has been an innovative leader in energy resilience. 

Our product range includes engines, generators, power conversion, UPS systems, EV components and electrification solutions, microgrid controls and management, clean energy solutions, and much more that serve a broad spectrum of OEM, residential, industrial, and commercial customers.

Our priorities are global: the stability from steady energy sources and reliable back-ups. The power to be able to harness energy, and the freedom of not being dependent on an aging centralized grid. The confidence that clean energy solutions offer when it comes to a sustainable world, and the commitment to keep innovating towards greater impact.

At Rehlko, our team members are the essential energy that powers our organization’s success. We are committed to fostering a safe and sustainable work environment where safety is everyone’s responsibility. We empower every team member to actively participate in our Zero Is Possible safety culture by encouraging open communication, proactively reporting hazards, following protocols, and suggesting improvements. Join us in creating an energy resilient world for a better future!

Why You Will Love this Job:

Location: Hybrid (2-3 days) in our Glendale, WI office

The Vice President, IT – Cybersecurity, Risk & Compliance is responsible for implementing and running the enterprise cybersecurity program. That will involve identifying, evaluating and reporting on some or all of legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives & the development of the organization’s cybersecurity strategy/program and investment plan aligned with the strategy, required capabilities and risk exposure and posture of the enterprise.

This position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.

This position is responsible for establishing and maintaining the company cybersecurity program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate.

A key element of this role is working with executive management to determine acceptable levels of risk for the organization and will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for cybersecurity. The leader should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders.

This leader must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. This role serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability of information owned or processed by the business, but extend their expertise to aid the organization in meeting safety, privacy, reliability and resilience requirements. This leader understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter.

The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. Integrator of people, process and technology; a hands-on leader that enables and oversees the operational components in this space. Leader of experts and partners that ensure that the organization’s technology landscape is secured through established guidelines, procedures, processes, partners and technologies. This individual holds expectations for the function’s compliance with global, regional, and local regulations, dynamics and requirements in this space. This trusted role requires a great balance of technical expertise, strategic thinking, executive presence, cyber landscape awareness and business acumen.

Specific Responsibilities

• Serves as a member of the Information Technology leadership team, contributing as a thought partner and representative of the function as the department interfaces with senior management and the C-Suite.

• Provides leadership, coaching, and talent management of a global team to drive engagement, effective delivery, and associate development.

• Creates, implements, and manages the enterprise-wide and risk-based IT cyber security strategies consistent with overall corporate and IT strategic plans.

• Delivers return on investment-justified architectures/solutions enabling required compliance.

• Develops and maintains IT security policies, standards, and guidelines related to personnel, data, and technology assets.

• Proactively identifies and evaluates risks and is transparent in reporting findings that meet compliance and regulatory requirements.

• Defines, classifies, and identifies critical information assets, and performs assessments of threats and vulnerabilities regarding those. Implements safeguard recommendations for identified assets.

• Oversees the investigation of security breaches and policy violations, helping with disciplinary and legal matters as necessary.

• Takes ownership of the framework and risk analysis and assessment and acceptance processes to review new facilities, applications, or technology environments during the development or acquisitions process to ensure compliance with corporate security policies and directions.

• Supports, coaches, and consults for new business initiatives to ensure alignment and compliance of these projects/initiatives with the IT Security risk and control framework.  Ensure adherence through auditing and review. Serves as a liaison between Internal Audit and IT for review of all audit reports and responses to ensure timeliness and the effectiveness of the corrective actions.

• Evangelizes and champions IT security programs across the business. using a variety of change management tools.  Advises business leaders and technical personnel on the implementation of security programs in their respective areas. Provides on-going associate awareness and training programs.

• Serves as a liaison to the physical security department regarding overlapping information security issues, such as investigations, badge access, and associated issues pertaining to information technology. This may include background checks for security-sensitive positions and terminations due to policy non-compliance.

• Ensures that the function is the focal point for IT security incident response planning, execution, and awareness to ensure the proper level of executive visibility and that the crisis is managed properly both internally and externally.  Leads and oversees cyber security incidents.

• Manages the cybersecurity budget, including monitoring and reporting discrepancies

• Facilitates a cybersecurity governance structure through the implementation of a hierarchical governance program, including the formation of a cybersecurity steering committee or advisory board

• Provides regular reporting on the current status of the cybersecurity program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes

• Develops, socializes and coordinates approval and implementation of security policies

• Works with the vendor management office to ensure that cybersecurity requirements are included in contracts by liaising with vendor management and procurement organizations

• Directs the creation of a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences

• Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management

• Advises on the cyber risk posture of the organization, including the mandatory application of controls

• Embeds Cyber Judgement across a centralized or decentralized or distributed decision making model

• Owns the security champion program to mobilize employees in all locations

• Leads the cybersecurity function across the company to ensure consistent and high-quality information security management in support of the business goals

• Determines the cybersecurity approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas

• Advises on the identification of non-IT managed IT services in use ("citizen IT") and on facilitating a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this cybersecurity risk is clear

• Works effectively with business units to facilitate cybersecurity risk assessment and risk management processes, and empowers them to make the right decisions that fall within the risk appetite of their organization.

• Ensures that security is embedded in the project delivery process by providing the appropriate cybersecurity policies, practices and guidelines

• Manages and contains cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation

• Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action

• Develops and oversees effective resilience policies and standards to align with the enterprise resilience program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter

• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas

• Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem

Requirements

• Bachelor’s degree in information technology or related field required, with a preference towards a master’s degree, ideally in business.

• 10+ years of proven leadership of a global team in a diverse, multi-region, complex, cross-functional enterprise, with an emphasis on cyber security, risk, and compliance. Must possess depth of experience in infrastructure technology, systems development, audit, and risk management.  

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials (desired)

• Experience with contract and vendor negotiations

• Experience working on a private equity owned company or a traded public company (desired).

 

The Salary range for this position is $215,900.00-$283,400.00.The specific Salary rate offered to a candidate may be influenced by a variety of factors including the candidate’s experience, their education, and the work location.

About Us

Rehlko proudly offers a rich history steeped in creativity and commitment to our associates and communities, along with competitive benefits and compensation. Our Purpose—Creating an energy resilient world for a better future—and Values: Curiosity, Trust, Pace, and Excellence, are important cultural components that shape the way we work and relate to one another. Learn more about Rehlko at http://www.rehlko.com/who-we-are.

In addition to the investment in your development, Rehlko offers a benefits package including a competitive salary, health, vision, dental, 401(k) with Rehlko matching, and more!?

Rehlko is an equal opportunity employer that prohibits discrimination and will make decisions regarding employment opportunities, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination, without regard to race, creed, color, ethnicity, religion, sex, pregnancy, childbirth, or related medical conditions, genetic information, age, national origin, citizenship, ancestry, caste, mental or physical disability, marital or familial status, sexual orientation, gender identity or expression, genetic information, political belief or affiliation, union membership status, military status, veteran status, or any other characteristic protected by national, state, local, or other applicable laws.

Americans with Disabilities Act (ADA)

 It is the policy of Rehlko to comply with all applicable provisions of the Americans with Disabilities Act (ADA) and corresponding national, state, local, or other applicable laws. Rehlko will not discriminate against any qualified associate or applicant with respect to any terms, privileges, or conditions of employment because of a person's physical or mental disability. Rehlko will provide a reasonable accommodation to associates or applicants with disabilities, in accordance with applicable laws. If you have a disability and require an accommodation in the application process or during the course of employment, please contact [email protected]. Rehlko is an equal opportunity/affirmative action employer.

Our Values

Curiosity – Seek, learn, share

Trust – Go farther together

Pace – Focus to go faster

Excellence – Find the win every day