IT Risk & Governance Manager Ready to shape how a global business manages its technology risk and governance? Looking for a role where your expertise directly influences how we protect our systems, data, and clients? Join Aon as a Technology Risk & Governance Manager and help turn complex risks into clear, practical action! This is a virtual role with the flexibility to be based in the US. Aon is in the business of better decisions At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed. What the day will look like In this role, you’ll be a key partner to Technology, Cybersecurity, Compliance, and the business—helping them make smart, risk-aware decisions. Your day will blend hands-on work with policies and controls, reviewing and challenging risks, and turning regulatory and framework requirements into clear, practical actions that protect our systems and data. - Keep our technology policies, standards, and procedures up to date and easy to understand, working closely with stakeholders across the business. - Lead regular reviews and approvals of policies and be the go-to person to explain what they mean in day-to-day practice. - Help design and maintain a clear set of technology controls (such as access management, change management, incident management, data protection, and resilience) that keep our critical systems and data safe. - Work with Technology and Cybersecurity teams to spot gaps in controls, agree on fixes, and make sure they’re delivered on time. - Support internal and external audits and control testing, helping respond to questions, and track findings through to closure. - Maintain and update technology risk registers, making sure key risks are clearly described, assessed, and owned. - Provide risk input on new projects, technology changes, and third-party/vendor engagements so teams understand the impacts and can stay within risk appetite. - Help define and track key risk indicators and metrics that show how our technology risk profile is evolving. - Stay on top of relevant regulations, industry standards, and best practices, and translate them into practical requirements for our technology teams. - Prepare clear, concise risk and control updates for senior leaders and governance forums. - Build strong relationships with stakeholders across Technology, Cybersecurity, Compliance, Internal Audit, and business teams to align on priorities and remediation plans. - Champion a risk-aware culture by providing training, guidance, and day-to-day support on technology risk, controls, and governance. How this opportunity is different As Technology Risk & Governance Manager at Aon, you won’t be on the sidelines—you’ll be a core partner in how we design, run, and protect our technology. You’ll see a direct link between the policies and controls you shape and the resilience of the platforms our colleagues and clients rely on every day. The role offers broad visibility, strong stakeholder engagement, and a mix of strategic thinking and hands‑on delivery—ideal for someone who wants to grow their career in technology risk and governance. Who you’ll work with - Technology teams – Partner with application, infrastructure, and delivery teams to embed practical, right‑sized controls into day‑to‑day operations and change. - Cybersecurity – Work closely with security specialists to align on threats, controls, incidents, and resilience expectations. - Compliance & Legal – Translate regulatory and policy requirements into clear technology standards and controls. - Business leaders – Support product, operations, and functional leaders in understanding their technology risk profile and remediation priorities. - Internal Audit – Coordinate on audits, respond to findings, and drive sustainable remediation. You’ll have clear ownership and autonomy, backed by supportive risk leadership, subject‑matter experts, and established GRC tools and processes. Skills and experience that will lead to success - Bachelor’s degree in IT, Information Security, Risk Management, Business or related field (or equivalent experience) - 4–8+ years’ experience in technology risk management, IT audit, information security, technology controls or similar governance roles - Strong grasp of technology risk concepts, frameworks, and regulations (e.g., ISO 27001, NIST, COBIT, ITIL; cybersecurity, data protection/privacy, operational risk) - Hands-on experience designing, implementing, and testing technology controls, and developing policies, standards, and procedures - Strong analytical and communication skills, with the ability to work independently and collaboratively in a fast-paced, matrixed environment Education Bachelor’s degree in Information Technology, Information Security, Risk Management, Business, or equivalent years of industry experience. How we support our colleagues In addition to our comprehensive benefits package, we encourage a workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working! Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued. Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace. Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Pay Transparency Laws: The salary range for this position (intended for U.S. applicants) is [$113300 to $140000] annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location. This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan. Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies. #LI-NS1 #LI-REMOTE 2573732

• Be an important and essential conduit between the legal & compliance teams and the technical teams. • Have full oversight of business operations, technical development, and product offerings to ensure system compliance in regulated markets. • Translate regulatory requirements into understandable technical language for developers, ensuring regulatory compliance throughout. • Possess an assistive jurisdictional market understanding and appreciation so that a compliant approach to system development is integral to everything that we do. • Be directly involved in the project lifecycle to ensure that all requisite regulatory matters are considered from project inception to conclusion. • Undertake ongoing quarterly and annual technical audits with regulatory bodies. • Gain enhanced product knowledge to identify areas of compliance/non-compliance. • Perform detailed analysis of current products with new or amended regulatory requirements to ensure ongoing regulatory compliance. • Ensure product testing meets regulatory compliance requirements. • Keep abreast with ever-changing regulations to ensure continued technical compliance. • Keep up to date with market news to understand relevant industry changes. • Act as an internal consultant to business departments in relation to all regulatory matters. • Assist in explaining technical problems to non-technical stakeholders. • Conduct internal reviews that are performed against various policies & business practices to ensure that best practice is maintained. • Be involved in the Information Security Risk Management function to identify, assess, and assist with the treatment process of organisational risks pertaining to information security. • Track the lifecycle and compliance status of all security testing and security audit projects.

• Lead the planning and execution of complex technology projects; • Define scope, objectives, and deliverables for cybersecurity and IT infrastructure projects; • Develop detailed plans with schedules, milestones, and resource allocation; • Manage the full project lifecycle from initiation to closure; • Adapt to changing requirements or priorities; • Ensure collaboration and on-time delivery within cross-functional teams; • Manage budgets and control costs; • Proactively identify and mitigate risks and issues; • Ensure compliance with cybersecurity standards and regulations; • Provide regular updates on project status and performance metrics;

Overview Every moment of every day, people all over the world turn to Panasonic to make their lives simpler, more enjoyable, more productive and more secure. Since our founding almost a century ago, we’ve been committed to improving peoples’ lives and making the world a better place–one customer, one business, one innovative leap at a time. Come join our journey! Responsibilities https://www.youtube.com/watch?v=0tMgKm_71qs (by clicking this link you are being referred to an external site that is not part of Panasonic) Meet the Recruiter: Amber Smallwood What You'll Get To Do: The CISO is a strategic leadership role responsible for shaping and advancing the enterprise-wide cybersecurity strategy in alignment with business objectives and emerging risk landscapes. Operating within a shared services organization and reporting to the Chief Information Officer (CIO), this role provides thought leadership, oversight, and direction across cybersecurity engineering, governance, and operations (including the Security Operations Center). The CISO will collaborate with senior IT and business leaders to drive a proactive, risk-based approach to security that enables innovation and resilience. Enterprise Cybersecurity Strategy and Program Leadership - Lead the creation and evolution of the long-term cybersecurity vision and strategic roadmap. - Align cybersecurity investments and priorities with enterprise risk appetite, regulatory demands, and business strategy. - Serve as a key advisor to the CIO and other senior executives on cyber risk, emerging threats, and security-related business impacts. - Translate technical security requirements into actionable business-focused plans. - Monitor industry trends, threat intelligence, and emerging technologies to inform strategic direction. Governance, Risk, and Compliance - Drive the development and enforcement of enterprise-wide cybersecurity policies, standards, and frameworks. - Ensure compliance with relevant legal and regulatory frameworks - Lead enterprise cybersecurity risk assessments and guide business units in risk treatment planning. - Engage with internal audit, legal, and compliance teams to manage regulatory obligations and audit readiness. - Promote accountability and transparency through structured governance and reporting mechanisms. Cross-Functional Leadership in a Shared Services Environment - Act as the cybersecurity leader within a shared services model, supporting multiple business units with diverse needs. - Build strong relationships with IT, operations, legal, compliance, and business leaders to embed security in enterprise projects and operational practices. - Ensure scalable, flexible security services that address both enterprise and business-specific priorities. - Represent cybersecurity in enterprise governance committees and project steering groups. Oversight of Security Architecture and Operations - Provide leadership and strategic oversight for security engineering, infrastructure protection, and operations. - Ensure the Security Operations Center (SOC) functions effectively with clear escalation paths and continuous improvement. - Support adoption of secure architecture and development practices, including cloud and hybrid environments. - Guide technology selection and integration efforts aligned to strategic objectives. - Drive the automation of processes to reduce mean time to containment Culture, Awareness, and Communication - Promote a culture of cybersecurity awareness and accountability at all levels of the organization. - Lead efforts to improve employee understanding of cyber risk through education and training. - Communicate complex security topics in business-relevant terms to executives and staff. - Champion security as a business enabler and advocate for risk-informed decision-making. - Ability to motivate a team while fostering engagement and empowerment Qualifications What You'll Bring: Education & Experience: Degree required/preferred - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field required; Master’s degree preferred. - 10+ years of progressive experience in cybersecurity or information security, with at least 3–5 years in a leadership or strategic planning role. - Demonstrated experience leading enterprise-wide security programs and aligning cybersecurity initiatives with business goals. - Proven ability to oversee diverse security functions such as governance, risk, compliance, security engineering, and security operations. - Experience operating in a shared services or matrixed organizational model is strongly preferred. - Relevant industry certifications (e.g., Certified Information Systems Security Professional [CISSP], Certified Information Security Manager [CISM], Certified in Risk and Information Systems Control [CRISC]) are preferred. Problem Solving: Complexity of problems - Must be able to assess and respond to dynamic and complex cybersecurity risks in real time. - Capable of balancing tactical incident response needs with long-term strategic risk mitigation planning. - Expected to interpret and apply regulatory and legal requirements to a variety of business and technology environments. - Responsible for solving cross-functional challenges involving security, compliance, operations, and IT architecture. - Must make high-impact decisions with limited information during critical incidents or evolving threat situations. - Ability to design scalable, risk-informed solutions that support both enterprise and business-unit objectives. Communications: Key communications contacts (internal/external) and level of persuasion required - Must effectively communicate with executive leadership, technical teams, business stakeholders, regulators, and third parties. - Ability to translate complex cybersecurity concepts into plain language for non-technical audiences. - Skilled in presenting risk, performance, and program updates to senior executives, boards, and oversight committees. - Capable of influencing and building consensus across multiple departments and organizational levels. - Expected to lead cybersecurity awareness campaigns and foster open dialogue on security issues across the enterprise. Other Requirements: e.g. Working conditions, physical requirements, travel, etc. - Domestic and International travel required up to 50%. - Must stay current with industry trends, threat intelligence, and emerging technologies. - Demonstrated leadership, integrity, and discretion in handling sensitive or confidential information. - Comfortable working in a fast-paced, highly visible role with enterprise-wide influence. - 7x24x365 as required. - Maintain a strong relationship with Federal, State, and International law enforcement Benefits & Perks - What's In It For You: Panasonic prioritizes total well-being and offers comprehensive benefits options to support physical, emotional, financial, social, and environmental health: - Health Benefits – Offering medical, dental, vision, prescription plans, plus Health Savings Account and Flexible Spending Account options. - Voluntary Benefits – Life, accident, critical illness, disability, legal, identity theft, and pet insurance. - Panasonic Retirement Savings & Investment Plan (PRSIP) – 401(k) plan with company matching contributions and immediate vesting. - Paid Time-Off Benefits – Vacation, holidays, personal days, sick leave, volunteer, and parental & caregiver leave. - Educational Assistance – Tuition reimbursement for job-related courses after six months of service. - Health Management and Wellbeing Programs –Lifestyle Spending Account, EAP, virtual health management, chronic condition, neurodiversity, tobacco cessation, substance abuse support, and life stage and fertility resources. Available to eligible employees starting the first day of the month following your start date. Eligibility for each benefit may vary based on employment status, location, and length of service. - Employee Recognition Program - High5 employee recognition and awards platform, quarterly and annual employee recognition - Annual Bonus Program - Opportunity for an annual performance-based bonus. We Take Opportunity Seriously: At Panasonic, we are committed to a workplace that genuinely fosters inclusion and belonging. Fairness and Honesty have been part of our core values for more than 100 years and we are proud of our diverse culture as an equal opportunity employer. The wage range of $250,000 - $275,000 is just one component of Panasonic’s total package. Actual compensation varies depending on the individual’s knowledge, skills, experience, and location. This role may be eligible for discretionary bonuses and incentives. ​We understand that your career search may look different than others and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience. If you are actively looking or starting to explore new opportunities, send us your application!​ Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or other characteristic protected by law. All qualified individuals are required to perform the essential functions of the job with or without reasonable accommodation. Due to the high volume of responses, we will only be able to respond to candidates of interest. All candidates must have valid authorization to work in the U.S. Thank you for your interest in Panasonic. #LI-AS1 #LI-REMOTE REQ-154395