Vice President - IT, Cybersecurity, Risk and Compliance

Description

• Ensures that the function is the focal point for IT security incident response planning, execution, and awareness to ensure the proper level of executive visibility and that the crisis is managed properly both internally and externally. Leads and oversees cyber security incidents.
• Directs the creation of a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences
• Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem
• Develops and oversees effective resilience policies and standards to align with the enterprise resilience program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter
• Defines, classifies, and identifies critical information assets, and performs assessments of threats and vulnerabilities regarding those. Implements safeguard recommendations for identified assets.
• Leads the cybersecurity function across the company to ensure consistent and high-quality information security management in support of the business goals
• Determines the cybersecurity approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas
• Serves as a liaison to the physical security department regarding overlapping information security issues, such as investigations, badge access, and associated issues pertaining to information technology. This may include background checks for security-sensitive positions and terminations due to policy non-compliance.
• Evangelizes and champions IT security programs across the business. using a variety of change management tools. Advises business leaders and technical personnel on the implementation of security programs in their respective areas. Provides on-going associate awareness and training programs.
• Oversees the investigation of security breaches and policy violations, helping with disciplinary and legal matters as necessary.
• Develops, socializes and coordinates approval and implementation of security policies
• Ensures that security is embedded in the project delivery process by providing the appropriate cybersecurity policies, practices and guidelines
• Provides regular reporting on the current status of the cybersecurity program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes
• Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
• Takes ownership of the framework and risk analysis and assessment and acceptance processes to review new facilities, applications, or technology environments during the development or acquisitions process to ensure compliance with corporate security policies and directions.
• Creates, implements, and manages the enterprise-wide and risk-based IT cyber security strategies consistent with overall corporate and IT strategic plans.
• Works effectively with business units to facilitate cybersecurity risk assessment and risk management processes, and empowers them to make the right decisions that fall within the risk appetite of their organization.
• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
• Facilitates a cybersecurity governance structure through the implementation of a hierarchical governance program, including the formation of a cybersecurity steering committee or advisory board
• Manages the cybersecurity budget, including monitoring and reporting discrepancies
• Proactively identifies and evaluates risks and is transparent in reporting findings that meet compliance and regulatory requirements.
• Advises on the identification of non-IT managed IT services in use ("citizen IT") and on facilitating a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this cybersecurity risk is clear
• Supports, coaches, and consults for new business initiatives to ensure alignment and compliance of these projects/initiatives with the IT Security risk and control framework. Ensure adherence through auditing and review. Serves as a liaison between Internal Audit and IT for review of all audit reports and responses to ensure timeliness and the effectiveness of the corrective actions.
• Advises on the cyber risk posture of the organization, including the mandatory application of controls
• Delivers return on investment-justified architectures/solutions enabling required compliance.
• Works with the vendor management office to ensure that cybersecurity requirements are included in contracts by liaising with vendor management and procurement organizations
• Manages and contains cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
• Provides leadership, coaching, and talent management of a global team to drive engagement, effective delivery, and associate development.
• Owns the security champion program to mobilize employees in all locations
• Develops and maintains IT security policies, standards, and guidelines related to personnel, data, and technology assets.
• Serves as a member of the Information Technology leadership team, contributing as a thought partner and representative of the function as the department interfaces with senior management and the C-Suite.

Requirements

• 10+ years of proven leadership of a global team in a diverse, multi-region, complex, cross-functional enterprise, with an emphasis on cyber security, risk, and compliance. Must possess depth of experience in infrastructure technology, systems development, audit, and risk management.
• Experience working on a private equity owned company or a traded public company (desired).
• Embeds Cyber Judgement across a centralized or decentralized or distributed decision making model
• Bachelor’s degree in information technology or related field required, with a preference towards a master’s degree, ideally in business.
• Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials (desired)
• Experience with contract and vendor negotiations

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance