Director, Cyber Security
We have an exciting opportunity for a Cyber Security Leader for North America. The Cyber Security Leader is responsible for maturing and maintaining the information security (IS) program so that information assets and associated technology, applications, systems, infrastructure and business processes are adequately protected in the digital ecosystem in which we operate. This position will be highly visible and will contribute significantly to the management of cyber risk. You will report to the CIO North America.
- Develop an enterprise cyber security program to identify, evaluate and report on cybersecurity risks, while supporting business objectives.
- Own and continuously update information security policies, standards and guidelines.
- Implement appropriate second-line assurance related to confidentiality, integrity and availability, as well as the safety, privacy and recovery of information.
- Partner with senior leaders to determine cyber risk thresholds for the organization.
- Implement/manage a governance structure and program, and provide regular reporting on the current status to executive leadership.
- Manage security awareness training for all employees, contractors and approved system users.
- Understand and interact with related company disciplines (i.e. privacy, risk management, compliance) to ensure the consistent application of controls across all technology investments.
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
- Lead the cyber security function across the company to ensure consistent security management in support of business goals.
- Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and regulations.
- Ensure that security is embedded in the project delivery process by providing the appropriate policies, practices and guidelines.
- Develop and implement business continuity and incident response programs to ensure business-critical services, data, assets, intellectual property, and the company's reputation are protected.
- Develop and enhance security management framework based on best practices.
- Consult with IT and business line staff to ensure that security controls are factored into the evaluation, selection, installation and configuration of technology assets and processes.
- Perform security assessments for gap analysis and provide recommendations to close gaps.
- Develop a common set of security monitoring tools. Define operational parameters for their use and conduct reviews of tool output.
- Bachelor of Science in Cyber Security, Information Systems, Information Management, Computer Science, Data Sciences or relevant field (Advanced Degree highly desired).
- Proven competency in cyber security with 7 to 10 years of relevant experience, including 5 years in a significant leadership role for a mid to large corporation.
- Relevant expertise and certifications.
- Acquisition integration experience.
- Experience running a SOC, whether internal or external, for 24/7 security.
- Good knowledge of GDPR regulations.
- Good understanding of IT technology to oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes.
- Understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter.
- A strong understanding of the business impact of security tools, security operations center, technologies and policies.
- Experience working with legal, audit, operations and compliance staff.
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA),
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Our client is an equal opportunity employer and is committed to providing a drug-free workplace.