Director, Information Security 1

Director, Information Security 1 General Overview Functional Area: Information Technology (ITM) Career Stream: IT Risk & Compliance (RAC) Role: Director (DR1) Job Title: Director, Information Security 1 Job Code: DR1-ITM-SECR Job Level: Level 12 Direct/Indirect Indicator: Indirect Summary We are seeking an experienced and strategic Director of Data Security and Governance to lead our comprehensive data protection program. This critical role involves establishing and enforcing data security policies to meet stringent regulatory requirements, including the International Traffic in Arms Regulations (ITAR) , and fulfilling complex data security obligations within commercial contracts. You will be responsible for building our data governance framework from the ground up, including implementing a robust data classification program and deploying modern security solutions like Data Security Posture Management (DSPM) and Data Rights Management (DRM) , in addition to managing the DLP program. Detailed Description Performs tasks such as, but not limited to, the following: Strategy & Policy Development : Design, implement, and oversee the enterprise-wide data security and governance strategy, policies, and standards. Compliance & Regulatory Oversight : Serve as the primary expert on data security requirements for ITAR and other government regulations. Ensure all data handling processes and systems are compliant with contractual and legal obligations. Data Classification Program : Develop and manage a corporate data classification policy and program. Work with business units to identify, classify, and protect sensitive and regulated data throughout its lifecycle. Technology Implementation : Lead the selection, implementation, and operationalization of a Data Security Posture Management (DSPM) solution to provide visibility and control over our data landscape. Data Rights Management (DRM) : Implement and manage a DRM solution to control access to and usage of sensitive data, ensuring that only authorized individuals can access and interact with protected information according to defined policies. Risk Management : Conduct regular data security risk assessments, identify vulnerabilities, and oversee remediation efforts to mitigate risks. Incident Response : Develop and lead the data-focused components of the incident response plan, including containment, investigation, and reporting of data breaches. Collaboration & Training : Partner closely with Legal, IT, Engineering, and business stakeholders to embed data security principles into their operations. Develop and deliver training programs to raise awareness about data governance and security best practices. Typical Experience Minimum of 10 years of experience in cybersecurity and data governance, with at least 4 years in a leadership role. Proven track record of successfully implementing a data classification program across an enterprise. Direct experience with the procurement and deployment of DSPM and DRM technologies. Skills & Knowledge Deep understanding of data protection principles, including encryption, access control, data loss prevention (DLP), and data discovery. Expert knowledge of security frameworks such as NIST Cybersecurity Framework, NIST 800-171, and ISO 27001. Excellent project management skills and the ability to lead cross-functional teams. Strong communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences. Certifications (Preferred) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Privacy Professional (CIPP) Typical Education Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent experience. A Master's degree is a plus. Educational requirements may vary by geography. Physical Demands Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required. Notes This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran. Celestica's policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law. This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines. Location This location is a US ITAR facility and these positions will involve the release of export controlled goods either directly to employees or through the employee's movement within the facility. As such, Celestica will require necessary information from all applicants upon an applicant's acceptance of employment to determine if any export control exemptions or licenses must be filed. #J-18808-Ljbffr Celestica Inc.