VP, Cyber & CISO

About the job Job Summary The VP, Cyber and CISO (Chief Information Security Officer) is responsible for establishing, implementing, monitoring and enforcing a corporate-wide information security management program to help ensure that information assets are protected. This position is responsible for proactively identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company. The CISO has responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed-up by effective operational procedures and overseen by a security governance program. Essential Functions Program Leadership Responsible for the strategic leadership of the information security program. Develops, implements and monitors a strategic, comprehensive enterprise information security program to ensure that the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization. Leads the Cybersecurity compliance activities that enable the business to become and remain compliant with various regulatory programs to include PCI, GDPR, and CCPA. Facilitates information security governance through the implementation of a governance program. Establishes annual and long-range security and compliance goals, defines security strategies, metrics, reporting mechanisms and program services; and creates a roadmap for continual program improvements. Provides regular and consistent reporting on the current status of the information security program to senior business leaders. Develops and oversees effective business continuity and disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Develops and enhances an information security management and control framework based on appropriate information security industry standards to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the security. Risk Management and Incident Response Keeps abreast of security incidents and acts as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise. Manages security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation. Defines and facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings. Develops, implements and administers technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Provides leadership, direction and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies. Creates a framework for roles and responsibilities regarding information ownership, classification, accountability and protection. Examines impacts of new technologies on the company’s overall information security. Establishes processes to review implementation of new technologies to ensure security compliance. Policy, Compliance and Audit Develops, maintains and publishes up-to-date information security policies, standards and guidelines. Oversees the approval, training, and dissemination of security policies and practices. Leads efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information technology systems. Works with Internal Audit and outside consultants as appropriate on required security assessments and audits. Ensures that security programs follow relevant laws, regulations and policies to minimize risk and audit findings. Provides guidance, evaluation and advocacy on audit responses. Outreach, Education and Training Creates education and awareness programs and advises departments on all levels on security issues, best practices, and vulnerabilities. Pursues security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program. Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action. Coordinates information security projects with resources from IT and business unit teams. Builds and Directs a High Functioning Team (Directors, VPs, and Presidents) Holds others accountable for conducting business in a legal and ethical manner while complying with policies, laws, and regulations related to business and employment. Oversees people processes and programs across the team to ensure talent for current and future needs by providing operational, functional, and technical leadership. Attracts, retains, and develops highly effective professionals and support staff. Cultivates a bench of leadership and talent to deliver results and support future growth. Determines work methods and directs the work of associates. Drives the establishment of performance goals and provides on-going feedback, coaching, and development to enhance the team’s performance and capability, to facilitate open communication, and to encourage continuous performance improvement. Evaluates and determines the hiring, promotion, salary recommendations, and all employment-related decisions. Identifies individual and team skill gaps, developmental areas, and opportunities (e.g., training, special assignments, projects, etc.) to advance individual and team capability. Recognizes initiative, innovation, and work well done to create a positive work environment of excellence. Qualifications: Bachelor's Degree, Information Systems or related discipline, Required Work Experience 15+ years of experience in information technology, Required 5+ years of experience in Information Security Operations Management, Required Skills Knowledge of security standards: ISO, NIST Knowledge of current compliance requirements (e.g, SOX, PCI, GDPR, CCPA etc.); Ability to understand, analyze, and interpret complex legal, regulatory, and IT-related documents Ability to communicate complex, technical concepts to executive team, business leaders and technical Ability to develop and maintain positive business relationships and foster an environment of mutual respect, understanding, trust, and support Ability to facilitate the resolution of different views Ability to assess situations, provide counsel, and identify solutions that resolve disputes/issues, while considering the best interests of all parties; to develop and implement short and long-term solutions; and to apply effective problem solving and decision-making to address business needs and issues Ability to adapt and adjust planned work through analyzing work demands, competing priorities, and tight deadlines; to understand the most effective and efficient means to accomplish tasks within the parameters of the organizational structure, processes, systems, and policies Ability to exercise judgment and discretion in dealing with matters of significance and sensitive nature Certifications Certified Information Systems Security Professional (CISSP), Preferred Certified in Risk and Information Systems Control (CRISC), Preferred Certified Information Security Manager (CISM), Preferred Certified in the Governance of Enterprise IT (CGEIT), Preferred Certified Data Privacy Solutions Engineer (CDPSE), Preferred Certified Information Systems Auditor (CISA), Preferred Travel Requirement May be required to travel up to 25% of the time #J-18808-Ljbffr The Security Executive Council