The Cybersecurity Awareness and Training Manager at Sherwin-Williams is responsible for creating, implementing, and maintaining extensive A&T initiatives for enterprise. This role significantly contributes to decreasing the organization's risk by making sure that all 65,000+ employees fully understand their role in safeguarding Sherwin-Williams' data assets as well as handling data in accordance with international privacy laws. This person's obligations include making sure employees are informed and trained on SHW Cybersecurity policies & standards, any updates in global privacy regulations, and the latest cybersecurity threats and best practices from the moment they're onboarded and continuing through any career changes.
Here, we believe there’s not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commuteit matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.
Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.
Collaborate with subject matter experts to develop relevant and engaging content for cybersecurity training programsDesign and deliver effective training sessions that connect individuals' roles to secure behaviors and highlight the importance of cybersecurity in their work activitiesUtilize innovative learning methodologies and technologies to enhance the effectiveness and engagement of training programsEvaluate the impact and effectiveness of training initiatives and identify areas for improvement or additional supportSupport the GRC regional employees with awareness and training initiativesServe as a resource and point of contact for employees seeking guidance on cybersecurity best practicesFoster a culture of cyber awareness and responsibility throughout the organizationStay updated on the latest cybersecurity trends, threats, and best practices to ensure training content remains current and relevantCollaborate with cross-functional teams, including HR business partners, to integrate cybersecurity awareness or training into existing learning and development initiativesMonitor and analyze cybersecurity metrics and trends to identify areas of concern and develop targeted training interventionsPerform administrative and management duties (recruiting, hiring, training, coaching, performance planning and evaluations, corrective actions, etc.) as necessaryComplete special projects as requested.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.
This position has a hybrid work schedule with three days in the office and the option for working remotely two days.
Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. TheCompany therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company’s staff, employees, and business relationships.FORMAL EDUCATION:
Required:
Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business).
Preferred:
Master’s degree in Business Administration, Psychology, or Communications, CISSP, CISM, CIPP, CIPM
KNOWLEDGE & EXPERIENCE:
Required:
8+ years of IT and/or Business experience5+ years of work experience in cybersecurity, privacy, or risk management.Experience presenting and running training programs.
Preferred:
Supervisory experience or team responsibility.5+ years working in training leadership and training program management.3+ years project and program management experienceExperience working with Global Privacy and Cybersecurity laws and regulations.TECHNICAL/SKILL REQUIRMENTS:
Required:
Leadership, decision-making, and problem-solving skills.Excellent verbal and written communication with all organizational levels.Proficiency in using learning management systems (LMS) and training tools.Experience in team-oriented, collaborative environments and motivating teams across cultures.Analyzing and interpreting data to identify trends and opportunities for improvement.Developing and executing comprehensive training strategies aligned with organizational goals.Commitment to fostering a culture of inclusion and diversity.Broad understanding of security tools and controls.
Preferred:
Strong understanding of adult learning principlesExperience developing targeted training programsKnowledge of the following frameworks:NIST Privacy Framework (PF)NIST Cyber Security Framework (CSF)