Vacancy caducado!
Job Description
DescriptionMake the world smarter, safer and better for everyone. We're a global team of innovators who design and create solutions for businesses where data, technology and the complex electronic solutions that harness them are being transformed by rapid change. We are seeking a visionary leader as a Chief Information Security Officer (CISO) to be responsible for implementing and running the enterprise information security program This role will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process, and technology. While the CISO is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.What You Will Do In Your RoleResponsibilitiesAt a high level, responsibilities can be summarized below, but are not limited to the following areasThis role will provide various fulfilling and challenging responsibilities and tasks.Establish Governance and Build Knowledge- Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board
- Provides regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes
- Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
- Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organization
- Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
- Manages the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes training, staff development, performance management and annual performance reviews
- Develops and enhances an up-to-date information security management framework right sized for our Operating Model
- Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels
- Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required
- Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design
- Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
- Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Bachelors degree in business administration or a technology-related field, or equivalent work- or experience
- Experience working with up-to-date methodologies and trends in business and IT (i.e. Agile)
- 10+ years of relevant cybersecurity experience with working knowledge of information security risk management and cybersecurity technologies
- 5+ years of demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security
- Experience successfully executing on multiple programs under strict deadlines that meet the objectives of excellence in a dynamic business environment
- Experience with contract and vendor negotiations
- Experience with a global manufacturing footprint
- Knowledge of legal and relevant requirements and common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Experience communicating and presenting cross functionally to all levels within an organization including company board members
- Experience with financial/budget management, scheduling, resource and people management
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
- Experience building a strategy and energizing the appropriate team to execute on the vision
- Masters degree in Information Technology
- Strong quantitative and analytical abilities with deep understanding of how to develop relevant metrics that not only track activity, but also quantify the impact of security initiatives on the financial performance of the business
- Experience in designing enterprise-wide information & physical security organizational structures and processes
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials
- Excellent executive communication skills
Vacancy caducado!