Director of Security Governance and Risk
We are seeking a Director of Security Governance and Risk to be responsible for building, implementing, and executing a Governance and Risk Program that will identify, evaluate, and monitor the overall security risk profile across the company by assessing the effectiveness of compliance processes. This person is responsible for defining and aligning strategies for the governance and risk team and ensuring exposures to cyber risks are identified and managed at an acceptable level.
The Director of Security Governance and Risk will drive the business in achieving its objectives through the proactive evaluation and enhancement of the compliance program activities and controls that prevent or mitigate the impact of compliance risk.
- Collaborate with Legal, Privacy, Compliance and key business leaders to identify information management and protection laws and regulations and implement actions to ensure compliance
- Identify global cyber security regulatory, legislative, and industry specific compliance requirements
- Establish annual and long-term goals, defining risk and governance strategies, metrics, and reporting mechanisms
- Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks.
- Support the development of executive and board level communications as related to corporate cybersecurity posture
- Develop, document, and assess measures, metrics, and internal controls related to cyber security program maturity
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards
- Collaborate across the Brands, Legal, Regional Information Security and Compliance Teams, IT teams, HR and Global Data Privacy Council in the development of global security policies
- Champion the annual global security policies and standards review with key stakeholders to ensure alignment with corporate business strategy, cybersecurity strategy and regulatory requirements.
- Develop and manage the cybersecurity risk management strategy, framework and approach.
- Integrate cyber security risk reporting and aggregate reporting into an enterprise risk framework.
- Provide briefings to leadership and advise of critical issues that may affect business or enterprise cybersecurity objectives in partnership with the Regional Information Security Officers
- Partner with Global Security Architecture & Engineering, Global Threat Intelligence & Readiness, and Compliance Assurance teams, to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise security risk
- Develop and maintain a Security Risk Management Framework (RMF) per industry standards and applicability (e.g., NIST CSF). Perform an annual Security Risk Assessment against the RMF.
- Recommend programs to enhance maturity in Security and track their progress
- Evaluate existing risk monitoring metrics and tools, develop metrics and insights, and seek to enhance maturity of analytics.
- Monitor compliance with the controls and catalog the risk assessments used by the business as they pertain to security risk, evaluating them for best practices and gaps.
- Identify, engage, coach, and broker appropriate talent to ensure the highest performance of the Governance and Risk function.
- Set the team’s goals and coach team members to attain maximum productivity through motivation and dedication.
- Bachelor’s degree in Information Security, Information Technology, Audit, or Risk Management
- Certified in Governance of Enterprise IT (CGEIT)
- 10+ years of progressive experience in IT, auditing, investigations, strategic risk management, and/or business/management consulting
- 3-5 years’ experience managing cross-functional, multi-business-unit projects reflective of a leadership role.
- Experience building and/or growing an IT Security practice, with direct hands-on technology skill sets.