Location: Chicago, IL
Overview/Summary
Our client is a global manufacturing market leader with an expanding product portfolio. The organization has experienced sustained and significant growth and due to that as well as an elevated focus on securing their enterprise environment, they have created a Director of IT Security position to formulate a new enterprise cyber security strategy and vision.
Reporting directly to the CIO and serving as the most senior security professional in the organization, this person will be responsible for designing and implementing the information security program to ensure that information assets and the associated technology, applications, systems, infrastructure and processes are protected. The role requires strategic, results-oriented experience in leading the overall information security strategy, vulnerability management, incident management, execution of application security standards, and security monitoring, with a global focus. The role is also responsible for identifying, evaluating and reporting on legal and regulatory requirements and on IT, fraud and cyber security risk to information assets, while supporting and advancing business objectives.
- Determine global vision for information security assets, policies, and standards.
- Develop and continuously maintain up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these policies and procedures.
- Identify and communicate security protection goals and objectives, with suitable measurement KPIs, to support the business security requirements.
- Provide regular reporting on the current status of the information security program to the senior leadership team.
- Audit all aspects of information security and facilitate integration with revenue optimization, fraud, and merchant management teams to ensure that all information owned, collected or controlled by or on behalf of the Company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Evaluate and provide recommendation for risk mitigation and insurance policies for cybersecurity.
- Define and monitor the information security incident processes to include incident response procedures and SWAT approach for resolution; coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security incident; provide direction, support and in-house consulting in these areas.
- Partner with the enterprise architecture teams to build alignment between security and enterprise (reference) architectures and secure coding standards, to ensure information security requirements are built into product design and development.
- Define and build partnerships with external partners for providing forensic investigation, incident response support and other services as identified.
- Serve as an internal information security consultant to the various business stakeholders to assist / advise / educate on all aspects of information security and compliance.
- Ensure proper access controls and identity verification are in place.
- Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention.
- Actively collaborate with the Company’s other functional departments charged with security matters (Facilities, Finance, Legal, Human Resources, etc.) to build and maintain a comprehensive global security program for the Company.
- Initiate, facilitate, and promote activities to create information security awareness within the organization.
- Provide direct information security training to the workforce.
- Establish governance and monitor compliance with the organization’s security policies and procedures among Associates, contractors and other third parties and take corrective action where necessary, including roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
- Create and manage a unified control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Monitor advancements in information security technologies and make recommendations for their adoption.
- Build and maintain external networks consisting of industry peers, ecosystem partners, vendors, and security entities (FBI, USSS, Local Law Enforcement, etc.) to address common trends, findings, incidents and cybersecurity risks.
Required/Preferred Skills and Experience:
- Bachelor's degree in Business Administration or a related field. CISSP-ISSMP, CISM, CISA or similar industry certifications preferred.
- Minimum of 12 years of experience in a combination of risk management, information security and IT roles with at least five years in an information security role.
- Minimum of five years of experience in an IT leadership role, preferably in information security.
- Subject matter expert in PCI DSS and GDPR compliance as well as ISO 27001 and the NIST security frameworks.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of security and compliance.
- Extensive knowledge of the information security discipline and a working knowledge of related fields.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Outstanding leadership skills including communication, ability to collaborate with and influence others, sense of urgency, nimbleness, creative thinking and personal integrity.
- Strong people leadership skills including development, mentoring, coaching, motivation, and ensuring a collaborative work environment.
- Project management skills including financial/budget management, scheduling and resource management.
- Ability to recognize and execute on strategic and adjacent opportunities to create efficiencies or reduce risk.
- Able to direct and control the activities of the information security function.
- Previous experience working with other senior managers on establishing strategic plans and objectives.
- Able to make final decisions on administrative or operational matters and ensure objectives are achieved.
- Able to participate in corporate development of methods, techniques, and evaluation criteria for projects, programs, and people.
- Demonstrated ability of working on complex issues where analysis of situations or data requires in-depth knowledge of the Company.
- Past interaction with executives and/or major customers involving negotiation or attempting to influence senior level leaders regarding matters of significance to the organization.
- Past experience having overall control of planning, staffing, budgeting, managing expense priorities, and recommending and implementing change.