Erlanger, KY, 41025, USA
9 hours ago
Senior Manager - Erlanger, KY
**103876BR**

**Job Title:** Senior Manager - Erlanger, KY

**Department/Function:** Information Technology

**Job Description:**

**Senior Manager Technology and Cybersecurity Risk Management - Erlanger, KY**

Full-time

**Job Summary**

We are looking for a highly accomplished Senior Manager of Technology and Cybersecurity Risk Management to lead our IT and cybersecurity risk management program as part of the Global Technology organization's governance, risk management, and compliance (GRC) function. In this senior role, you will be responsible for defining, implementing, and overseeing the risk management framework and strategies that protect our global enterprise, spanning traditional Information Technology (IT), critical Operational Technology (OT) environments, and cybersecurity.

As a publicly-traded global manufacturing leader, our operations require a seasoned manager who can navigate complex landscapes and lead IT, OT, and cybersecurity risk management initiatives in alignment with our business and operational objectives. You will be a key leader and subject matter expert, responsible for driving a culture of cybersecurity and accountability. You will partner with a broad set of leaders and stakeholders to manage risks in an open, collaborative environment where new ideas and solutions are welcomed and rewarded. This role is instrumental to ensuring we maintain our operational integrity, protect our data and systems, and comply with all legal and regulatory obligations.

**Key Responsibilities**

+ IT and Cyber Risk Management - Lead a team in developing and executing the company's global technology and cybersecurity risk management strategy for internally-developed and third-party technologies and services. Collaborate with leaders, staff, and other stakeholders to employ a GRC framework that is scalable, repeatable, measurable, and integrated into enterprise-wide risk management processes.
+ Third-Party IT Risk Management - Own the design and continuous improvement of the third-party IT risk management program, including risk assessments, integrating IT risk management into the vendor selection, contracting, and ongoing monitoring lifecycle, and conducting due diligence for critical/high-risk third- and Nth-party relationships.
+ Operational Technology (OT) Risk Management – Collaborate with OT and plant automation leadership on the design and implementation of the cybersecurity risk management strategy for OT. Orchestrate specialized risk assessments on OT infrastructure, identifying threats to system availability, integrity, and safety. Monitor critical risk metrics unique to the OT environment (e.g., legacy system exposure, remote access controls, segmentation status).
+ Risk Management Lifecycle - Manage risks through intake, analysis, response, and monitoring in collaboration with subject matter experts and risk owners. This includes risks originating from third-party relationships. Facilitate and document risk response decisions. Validate execution of mitigation plans. Oversee continuous monitoring of risk responses.
+ Risk Management Process Optimization - Execute, mature, and optimize technology and cybersecurity risk management processes, including risk identification, assessment, treatment/response, and reporting. Implement baseline automation and process improvements and iterate to improve risk management data and tooling.
+ Risk Register - Maintain a comprehensive risk register and ensure risk treatment/risk response plans have clear accountability and timelines, including reporting and escalations. Leverage the risk register to support risk informed decisions by clearly communicating tradeoffs. Develop strategies and action plans in areas where existing controls do not mitigate risk in alignment with risk appetite and risk tolerance. Accurately document, prioritize, and track third-party IT and cybersecurity risks.
+ Cybersecurity, IT, and OT Frameworks - Apply industry frameworks (e.g., COBIT, NIST Cybersecurity Framework (NIST CSF), NIST SP 800-37 Risk Management Framework, NIST 800-39 Managing Information Security Risk, NIST SP 800-82 Guide to Operational Technology Security) to develop decision-making and accountability structures for managing cybersecurity, IT, OT, and third-party IT risks.
+ Communication and Reporting - Oversee development and execution of a communication plan for the technology, cybersecurity, and third-party IT risk programs. Build mechanisms to report findings, metrics, and risk responses to business and technology leadership. Define and report on key performance indicators (KPIs) and key risk indicators (KRIs) for the GRC program. Prepare communications on findings, risks, and strategic recommendations for senior management, audit committees, and the Board.
+ Team Leadership - Coach a team of technology and cybersecurity risk analysts. Create an environment that encourages building technical risk analysis skills. Provide mentorship and guidance to team members.
+ Collaboration - Scale the risk framework across the organization. Foster a culture of agility, innovation, and cooperation with key stakeholders across IT, OT, Legal, Internal Audit, Compliance, ERM, Procurement, and global business units. Work with ERM to escalate risks to the enterprise risk register.
+ Additional duties as assigned.

**Job Requirements**

+ Bachelor's degree in information technology, cybersecurity, business, or a related field. An MBA or advanced degree is preferred.
+ Minimum of 8-10 years of progressive experience in IT or cybersecurity governance, risk management, and compliance (GRC), with at least 5 years in a people leadership or management role.
+ Extensive experience within a global, publicly-traded company is essential.
+ Experience in traditional IT and manufacturing Operational Technology (OT) environments and the distinct security and risk management challenges they present.
+ Strong leadership and team management skills, with the ability to build and motivate high-performing teams.
+ Ability to navigate ambiguity and complexity while managing a queue of strategic and operational priorities.
+ Expert knowledge of regulations and frameworks, including SOX, SEC Cybersecurity Disclosure Rules, NIST CSF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-82, NIS2, and ISO 27001.
+ Professional certification such as CRISC, CGEIT, or CISA is required.
+ Exceptional strategic thinking, communication, and presentation skills, with a proven ability to influence and collaborate with executive-level stakeholders.
+ Willingness to travel internationally as needed.

Excited about this role but don’t think you meet every requirement listed? We encourage you to apply anyway. You may be just the right candidate for this role or another one of our openings.

ADM requires the successful completion of a background check.

REF:103876BR

**Req/Job ID:** 103876BR

**City:** Erlanger

**State:** KY - Kentucky

**Ref ID:** \#LI-SU1

**About ADM**

At ADM, we unlock the power of nature to provide access to nutrition worldwide. With industry-advancing innovations, a complete portfolio of ingredients and solutions to meet any taste, and a commitment to sustainability, we give customers an edge in solving the nutritional challenges of today and tomorrow. We’re a global leader in human and animal nutrition and the world’s premier agricultural origination and processing company. Our breadth, depth, insights, facilities and logistical expertise give us unparalleled capabilities to meet needs for food, beverages, health and wellness, and more. From the seed of the idea to the outcome of the solution, we enrich the quality of life the world over. Learn more at www.adm.com.

\#LI-Onsite

**\#IncludingYou**

Diversity, equity, inclusion and belonging are cornerstones of ADM’s efforts to continue innovating, driving growth, and delivering outstanding performance. We are committed to attracting and retaining a diverse workforce and create welcoming, truly inclusive work environments — environments that enable every ADM colleague to feel comfortable on the job, make meaningful contributions to our success, and grow their career. We respect and value the unique backgrounds and experiences that each person can bring to ADM because we know that diversity of perspectives makes us better, together.

We welcome everyone to apply. We are committed to ensuring all qualified applicants receive consideration for employment regardless of race, color, ethnicity, disability, religion, national origin, language, gender, gender identity, gender expression, marital status, sexual orientation, age, protected veteran status, or any other characteristic protected by law.

**Benefits and Perks**

Enriching the quality of life for the world begins by taking care of our colleagues. In addition to competitive pay, we support your diverse needs with a comprehensive total rewards package to enhance your well-being, including:

+ **Physical wellness** – medical/Rx, dental, vision and on-site wellness center access or gym reimbursement (as applicable).
+ **Financial wellness** – flexible spending accounts, health savings account, 401(k) with matching contributions and cash balance plan, discounted employee stock purchasing program, life insurance, disability, workers’ compensation, legal assistance, identity theft protection.
+ **Mental and social wellness** – Employee Assistance Program (EAP), Employee Resource Groups (ERGs) and Colleague Giving Programs (ADM Cares).

Additional benefits include:

+ Paid time off including paid holidays.
+ Adoption assistance and paid maternity and parental leave.
+ Tuition assistance.
+ Company-sponsored training and development resources, such as LinkedIn Learning, language training and mentoring programs.

*Benefits may vary for bargained locations, confirm benefit eligibility with your recruiter.

Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. If hired, employees will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

The pay range for this position is expected to be between: $110,300.00 - $170,000.00

**Salaried Incentive Plan:** The total compensation package for this position will also include annual bonus