Director of Infosec Risk & Compliance
Elkhart, IN 
Posted 11 days ago
Job Description
Overview

Who We Are:

Lippert is a leading, global manufacturer and supplier of highly engineered products and customized solutions, dedicated to shaping, growing and bettering the RV, marine, automotive, commercial vehicle and building products industries. We combine our strategic manufacturing capabilities with the power of our winning team culture to deliver unrivaled customer service, award-winning innovation and premium products to our customers.

Why We are Different:

At Lippert, Everyone Matters. This is not just a tagline or empty promise; it is who we are. We have intentionally created a culture that values and celebrates our team members' unique and varied backgrounds, perspectives, and experiences. We strive to give our team members a deeper sense of purpose at work, and we continue to build a better work environment by aligning our cultural and business strategies with the needs of our team members.

What You will Get:

  1. A unique, inclusive and supportive company culture.
  2. Comprehensive benefits, including medical, dental, vision, 401k with employer match, vacation, and more!
  3. Fair and competitive compensation.
  4. Career development and mentoring and opportunities to grow.
  5. Holiday, personal and vacation days.

Summary/Objective:

The Director of Information Security and Compliance oversees the organization's GRC program, ensuring that business processes, policies, and technology align with industry standards, best practices, and regulatory requirements. This role involves managing risk assessments, risk prioritization, collaboration for mitigation, privacy, policy management, regulatory/control compliance, and business continuity/disaster recovery programs.

Duties and Responsibilities:

  1. Develop, implement, and enhance a comprehensive global GRC strategy that supports the organization's objectives, risk appetite, and regulatory requirements. Lead the GRC team of leaders and individual contributors through guidance and mentorship to foster a culture of teamwork and performance.
  2. Establish a global program to include policy development, reviews, approvals, attestations, and user training.
  3. Establish and maintain a robust governance framework that defines roles, responsibilities, and decision-making processes for managing risks and ensuring organizational compliance.
  4. Drive efforts to identify, assess, and prioritize risks impacting the organization's operations, reputation, or assets. Develop treatment and response plans to minimize potential impacts and ensure alignment with the organization's risk tolerance. Drive the third-party risk management program.
  5. Enforce policies, procedures, and controls to ensure compliance with applicable laws, regulations, and industry standards; monitor and report on compliance performance, identifying areas for improvement and implementing corrective actions as needed.
  6. Establish a global BCDR program. Program shall include but not be limited to the definition and listing of Critical Platforms, Financial Impact, Platform Ownership, Disaster Recovery Runbook, Annual Recovery Exercise (Simulation/Tabletop included), Business Continuity Planning with Plan Leadership, and Compliance Reporting.
  7. Through collaboration with other GRC leadership, Legal, and Internal Audit, establish and maintain a global privacy program.
  8. Drive global implementation of security controls, evaluate the effectiveness of controls and processes, and recommend enhancements and modifications to strengthen the organization's risk management and compliance capabilities.
  9. Develop and drive identity and access reviews, policy compliance, and certifications.
  10. Oversee internal and external audits, coordinating with auditors and stakeholders to ensure timely completion and resolution of audit findings. Conduct regular risk and compliance assessments to identify gaps and areas for improvement.
  11. Drive compliance-to-policy activities through partnership with Global Threat Management.
  12. Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of the GRC program and provide regular reports to senior management and stakeholders.
  13. From time to time, the leader may be required to engage in other activities within Global Information Security and, more broadly, across the office of the CIO.

Working Conditions:

  • Primarily working indoors, in home and office environments.
  • May sit for several hours at a time.
  • Prolonged exposure to computer screens.
  • Repetitive use of hands to operate computers, printers, and copiers.

Qualifications:

  1. Bachelor's degree in Business, Finance, Information Security, or a related field.
  2. 7-10 years of experience in governance, risk management, compliance roles, and team leadership.

Essential Functions:

  1. Strong knowledge of GRC principles and best practices (NIST RMF, ISO 27001) and regulatory requirements (e.g., GDPR, CCPA, HIPAA, PCI DSS, SOX, DFARS).
  2. Experience with GRC technology platforms, tools, and methodologies.
  3. Excellent communication, interpersonal, and leadership skills, with the ability to build consensus and establish trust among team members and stakeholders.
  4. Demonstrated ability to manage complex GRC projects and initiatives, including budgeting, resource allocation, performance, and timeline management.
  5. Strong analytical and problem-solving skills, with the ability to quickly adapt to new situations and changing priorities.

Competencies:

  1. Excellent communication skills, both verbal and written.
  2. Strong attention to detail.
  3. Ability to manage multiple projects of varying importance at one time.

Supervisory Responsibility:

This position has supervisory responsibility for other teammates.

Physical Demands:

The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job.

While performing the duties of this job, the Team Member is regularly required to talk and hear. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.

Position Type/Expected Hours of Work:

This is a full-time salaried position with a work-from-home option. The position is required to be available 24x7x365 as needed to respond to security threats, incidents, and breaches affecting the organization.

Travel:

Travel will be moderate and will include both domestic and international travel.

Preferred Education and Experience:

  1. Relevant professional certifications (e.g., CISM, CRISC, CISA, CGEIT, CISSP)

Additional Eligibility Qualifications:
N/A

Work Authorization/Security Clearance:

Must be legally authorized to work in the United States.

Other Duties:
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the Team Member for this job. Duties, responsibilities, and activities may change at any time with or without notice.


AAP/EEO Statement:

Lippert provides equal employment opportunity to all team members and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, pregnancy, national origin, ancestry, age, genetic information, disability, citizen status, protected veteran status, military service, marital status or any other legally protected category as established by federal, state, or local law. This policy governs all employment decisions, including recruitment, hiring, job assignment, compensation, training, promotion, discipline, transfer, leave-of-absence, access to benefits, layoff, recall, termination and other personnel matters. All employment and personnel-related decisions are based solely upon legitimate, job-related factors, such as skill, ability, past performance, and length of service with Lippert.

Lippert's strong commitment to equal employment opportunity requires a commitment by each individual team member. Compliance with the letter and spirit of this policy is required of all team members. Violations of this policy should be immediately reported to your leader or to any member of leadership. Team members who violate this policy will be subject to disciplinary action, up to and including termination of employment.

Know Your Rights


LCI provides equal employment opportunity to all employees and applicants, without regard to race, color, religion, sex, age, national origin, citizenship status, disability, veteran status, genetic information, or any other legally protected category.


Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
7 to 10 years