Manager, Cyber Security

Requisition ID:
68684

About Whirlpool Corporation
Whirlpool Corporation (NYSE: WHR) is a leading kitchen and laundry appliance company, in constant pursuit of improving life at home and inspiring generations with our brands. The company is driving meaningful innovation to meet the evolving needs of consumers through its iconic brand portfolio, including Whirlpool, KitchenAid, JennAir, Maytag, Amana, Brastemp, Consul, and InSinkErator. In 2023, the company reported approximately $19 billion in annual sales, 59,000 employees, and 55 manufacturing and technology research centers. Additional information about the company can be found at

The team you will be a part of
The Information Systems team is responsible for implementation of the enterprise architecture and the development and maintenance of the organization's computing/IT environment. Determines and develops architectural approaches and solutions, conducts business reviews, documents current systems and develops recommendations of how to proceed with the applications.

This Role In Summary
The Manager Cybersecurity and Privacy is a critical member of the Whirlpool India IT. This leader must be able to translate the risk requirements and constraints of the business into engineering and privacy requirements, specifications, standards, as well as develop metrics for ongoing performance measurement and reporting. The position will manage overall Cyber Security and Privacy processes and technical engineering and operations activities to implement and manage the security and privacy technology stack, and to provide regular status and service-level reporting to the India Leadership Team, GISO and CPO.

This role will represent security and privacy requirements during yearly planning initiatives to ensure security and privacy measures are incorporated into strategic plans and that service expectations are clearly defined.

Your Responsibilities Will Include

• Perform Security and Privacy review of existing and new business process and solution implementations.
• Review product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk. Identify IT application end to end security deficiencies and implement approved remedial actions.
• Perform Privacy Impact Assessments for new processes involving personal data.
• Support adoption of comprehensive application security processes, procedures, and guidelines.
• Undertake required tactical application security skills and awareness training as required.
• Implement systems and integrations to drive greater automation and remove areas of human error.
• Collaborate with internal and external auditors during IT audits.
• Regularly assess the effectiveness of IT application controls using defined metrics and indicators.
• Prepare regular reports on outcomes and recommend enhancements to bolster IT governance.
• Proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
• Analyze security alerts and application security control deficiencies, recommending and implementing corrective actions.
• Regularly assess the effectiveness of IT security controls using defined metrics and indicators to identify areas for improvement.
• Collaborate with internal and external auditors during IT audits, providing technical expertise and insights.
• Ensure IT security controls operate efficiently and effectively, aligned with information security policies, standards, and compliance requirements.
• Identify and address gaps in security control design to mitigate cyber risks.
• Support the adoption of comprehensive application security processes and procedures, ensuring adherence to security best practices.
• Collaborate with cross-functional teams (product, development, security) to ensure a secure and seamless customer experience across platforms.
• Prepare regular reports on security control effectiveness and recommend enhancements to strengthen IT governance.
• Communicate effectively with technical and non-technical audiences regarding security controls and findings.

Minimum Requirements

• Bachelor's degree required.
• 10+ years of Cybersecurity and Privacy experience, with a heavy background managing cybersecurity and privacy functions.
• Knowledge of information security and privacy management frameworks (example: ISO 27001/NIST CSF).
• Knowledge of Global and India Data protection laws and regulations. (example: GDPR, India DPDPA, SG PDPA etc.)
• Ability to communicate clearly and effectively with both technology/development and business partners. Strong relationship, team building and facilitation skills.
• Ability to translate technical/security issues to business users.
• Proven analytical and problem-solving abilities.
• Ability to independently influence others to achieve objectives.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

Preferred Skills And Experiences

• Bachelor's degree in computer science, information systems or equivalent.
• Security certifications to include: CISSP, CISM, CRISC, CISA and other technical certifications.
• Privacy Certifications to include: CIPM, CIPT, CIPP and other product specific certifications.
• MBA or Master's degree in a management, scientific, technical, or engineering field.
• Significant work experience with different regions/business units on risk management and leading information security initiatives.

Connect with us and learn more about Whirlpool Corporation

See what it's like to work at Whirlpool by visiting Whirlpool Careers. Additional information about the company can be found on Facebook, Twitter, LinkedIn, Instagram and YouTube.

Whirlpool Corporation is committed to equal employment opportunity and prohibits any discrimination on the basis of race or ethnicity, religion, sex, pregnancy, gender expression or identity, sexual orientation, age, physical or mental disability, veteran status, or any other category protected by applicable law.