Director, Information Security

Job Accountabilities

Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals.

Crown Holdings is seeking an Information Security Director to join our growing Information Security team. Position requires a highly motivated Information Security Director with experience in leading and developing information security teams. This position will report directly to the Chief Information Security Officer at our Corporate Headquarters in Yardley, PA.

This role will coordinate the development and implementation of a risk-based approach to information security. The position is an ideal opportunity for an experienced leader excited by the challenge of building a new program or a rising leader seeking their first opportunity to direct a comprehensive security strategy. The position is an ideal platform for career growth and achievement. The successful candidate will engage with members of the global security and IT leadership team, to facilitate the development of policies, work with a broad portfolio of technologies, and create strategic plans and roadmaps that will shape Crown’s response to changing risks and threats. The Director will guide and lead several regional security directors and have opportunity to shape Crown’s information security strategy on all levels.

Key Responsibilities:
Drive all efforts to elevate Crown’s security posture not only to meet the legal and regulatory requirements but also to satisfy the high bar we have for protecting our information systems, data, and employees.

Work with global stakeholders at all levels across the company to understand business processes and lead the development of security controls aligned with these processes.

Break new ground by leading, developing, and implementing a global comprehensive security program, oversee information security governance, security incident response, identify business risks most relevant to the company, advise CISO and other senior security leaders on information security strategy and resource investments, create appropriate policies, implement effective practices for security awareness and identify, evaluate and report on information security risks in a manner that meets business, compliance and regulatory requirements.

Position requires a leadership approach that is engaging, collaborative and business driven with the strong ability to work with peers and executive leaders to best balance between business, security, IT and Engineering priorities.

Provide leadership, technical/strategic direction to regional information security leaders. Develop critical relationships with IT and functional organizations.

Define metrics and reporting strategies that effectively communicate successes and progress of the security program to executive leadership.

Serves as Crown Security Incident Manager; supervise & lead security events and investigations and participate in problem and change management forums.

Invoke Crown security incident response plan and facilitate the reporting and remediation, when necessary.

Direct activities of threat and vulnerability management, information security operations, and identification of risk tolerances, recommended treatment plans and communication on residual risk.

Lead all internal and external cybersecurity assessment activities as well as external audits.

Assist in engagements with regulatory bodies, customers, and partners on information security matters.
Review, approve, develop, and train on information protection policies and procedures. Ensures deployment of effective training across the company, robust security operations, and compliance with those policies and procedures.

Job Requirements

Minimum Requirements

Bachelor’s degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is a plus

Minimum of 10 years of IT experience, with 8 years in an information security role

Strong leadership skills and the ability to work effectively with IT leadership teams, IT Infrastructure, and Engineering management

CISSP and/or CISM certifications

Proven experience with business impact and risk assessments, information security audits of IT infrastructure, software systems and cloud-based security operations.

Experience driving or overseeing application security reviews, penetration testing and vulnerability management activities.

Knowledge and understanding of information security frameworks and standards such as NIST and ISO 27001.

Proven experience successfully leading high-growth organizations through standard security and compliance certifications.

Experience with developing and operating security monitoring and incident response programs and relevant tools (SIEM).
Experience in securing public cloud environments such as (AWS, GCP or Azure) and modern / cloud-native software stack via threat modeling, ‘defense-in-depth’ architectures, and application security best practices.

Nice to Haves:
Experience with Zero Trust Architecture

Familiarity with applicable legal and regulatory requirements – SOX, HIPAA, GDPR etc.
Strong project management skills and experience in managing project plans, including budgeting and resource allocation.

Travel

20 – 30%

Crown is an equal opportunity employer. Crown does not discriminate against any candidate or employee on the basis of race, national origin, sex, marital status, sexual orientation, age, disability, religion, veteran status, or any other status protected by law.