Director, Global Information Security

About the job

Establish Governance and Build Knowledge

• Facilitates an information security governance structure and co-chairs the Cyber Security Committee
• Provides regular reporting on the current status of the information security program to senior business leaders, Audit Committee and the board of directors on a regular basis
• Develops, socializes and coordinates approval and implementation of security policies
• Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations
• Oversees an information security awareness training program for all employees and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences

Lead the Organization

• Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
• Manages the budget for the information security function, monitoring and reporting discrepancies
• Manages the cost-efficient information security organization, consisting of direct reports, dotted line reports, and Managed Service providers
• Evolves an information security strategic roadmap that is aligned to organizational priorities and enables and facilitates the organization’s business objectives, and ensures senior stakeholder buy-in and mandate

Operate the Function

• Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
• Works with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
• Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
• Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
• Knowledge of security issues, techniques and implications across UNIX, LINUX and Windows environments; experience with Active Directory, SAP, VMware and RSA. Knowledge of User Identity and Access Management (IAM) tools. Experience with SaaS solutions.
• Strong understanding of the business impact of security tools, technologies and policies. Ability to develop and articulate a compelling business case for recommended actions.
• Strong business acumen – ability to understand our strategic plan, mission-critical functions, and capabilities of the organization in order to deliver appropriate programs and solutions to support the business.
• Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company‘s reputation
• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas

Qualified Candidates Will Have

• Demonstrated experience and success in leadership roles in risk management, information security, and IT or OT security
• Degree in business administration or a technology-related field, or equivalent work- or education-related experience

Desired, But Not Required

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials
• Experience with contract and vendor negotiations

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, color, religion, age, national origin, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, military status, or disability status.

Relocation Available:

Yes, Within Country