Information Security & Compliance Manager

Job Location US-MI-Novi
Posted Date 2 weeks ago (9/27/2024 8:18 PM)
# of Openings
1
Company Division
DNA

Overview

Daifuku North America is a group company of Daifuku in Japan, the largest material handling company in the world. Our advanced systems move everything from car bodies at auto plants to luggage at airports to packaged goods at warehouses. We are known as experts in engineering, manufacturing, and servicing innovative automated materials handling systems including conveyors, automatic guided vehicles, automated storage & retrieval systems, and integrated controls.

 

The company is currently seeking an experienced Information Security & Compliance Manager.

Responsibilities

Position Summary / Primary Purpose

The Information Security and Compliance Manager is responsible for developing, implementing, and maintaining a comprehensive information security and compliance program to ensure the protection of company data and adherence to regulatory requirements. This role involves assessing and mitigating risks, managing security incidents, and leading compliance efforts across the organization. The successful candidate will work closely with IT, legal, and other departments to safeguard the company’s digital assets and ensure compliance with applicable laws, regulations, and standards.

 

Major Areas of Responsibility

  • Develop, uphold, and enforce the organization's information security policies, procedures, and guidelines.
  • Ensure the confidentiality, integrity, and availability of data stored or transmitted within corporate systems and repositories.
  • Conduct risk and vulnerability assessments to identify threats and vulnerabilities.
  • Evaluate and report on information security risks to meet compliance and regulatory requirements.
  • Develop a risk management program with regular assessments, mitigation strategies, and continuous monitoring.
  • Collaborate with IT to ensure security architecture aligns with risk management strategies.
  • Monitor and respond to security incidents, coordinating with internal teams and external partners, as necessary.
  • Implement and manage security tools and technologies to protect the organization’s information systems.
  • Lead the design and execution of security awareness training programs for employees.
  • Develop, enforce, and manage IAM policies, procedures, and tools to ensure compliance with regulatory requirements and internal standards, while aligning with the organization's security and risk management strategies.
  • Develop and maintain a compliance program with regular audits and assessments.
  • Collaborate with auditors to address findings promptly.
  • Stay updated on relevant regulations and standards, ensuring policies and procedures reflect any changes.
  • Lead and mentor a team of security professionals, providing guidance and support in their professional development.
  • Collaborate with cross-functional teams, including IT, legal, HR, and operations, to integrate security and compliance into all business processes.
  • Communicate effectively with senior management and stakeholders on the status of information security and compliance initiatives.
  • Create and maintain the enterprise’s Business Continuity Plan and Disaster Recovery Plan, where appropriate.
  • Supervise investigations into problematic activity and provide on-going communication with senior management.
  • Perform other related duties as required to accomplish the objectives of the position.

 

Knowledge

 

  • Strong knowledge of security frameworks, standards, & best practices (e.g., ISO/IEC 27001, NIST, COBIT).
  • In-depth understanding of regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
  • Experience in enterprise security architecture design.
  • Experience in enterprise security document creation.
  • Experience in designing and delivering employee security awareness training.
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Understanding of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack methodologies.
  • Working technical knowledge of security technologies and processes and their practical applications: IDS/IPS, firewalls, penetration and vulnerability testing, DLP, anti-virus, anti-malware, subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP, application security, advanced persistent threats (APT), phishing and social engineering, multifactor authentication, single sign-on, identity management, network access control (NAC), network segmentation, and network routing methods.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Familiarity with PCI, HIPAA, and J-SOX compliance assessments.

Qualifications

Skills & Abilities

 

  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment.
  • Ability to manage one's own time and the time of others.
  • Ability to monitor and assess the performance of yourself, other individuals, or organizations to make improvements or take corrective action.

 

Education & Experience

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
  • Minimum of 5-7 years of experience in information security, with at least 3 years in a managerial or leadership role.
  • Proven experience in managing and implementing information security and compliance programs.
  • Relevant certifications such as CISSP, CISM, CRISC, or CISA are highly desirable.

 

Demonstrated Physical Abilities

Remain stationary for 50% of the time; move/traverse throughout the office to access file cabinets and office equipment; operate a computer and other productivity machinery; inspect documents; communicate with others through talking/hearing; read/identify/assess forms and correspondence.

 

Daifuku North America is an Affirmative Action/Equal Opportunity Employer/Veterans/Disabled, and federal sub/contractor. All qualified applicants will receive consideration for employment without regard to their race, color, religion, ancestry, national origin, sex, sexual orientation, gender identity, age, disability, protected veteran status, marital status or medical condition. If you’d like to view a copy of the company’s affirmative action plan or policy statement, please call 248-553-1000.

 

Daifuku North America offers an excellent compensation package including great benefits such as excellent medical, vision, and dental insurance, paid vacation time, paid sick time, and paid holidays, 401K, Flexible Spending Programs, and more.

 

At this time our company only receives applications online. If you need assistance applying online to this position, please call 248-553-1000 and leave a message and your call will be returned.
