|Location||Hoffman Estates, IL|
|Date Posted||November 14, 2019|
GLOBAL INFOSEC MANAGER
A global consumer goods organization is actively seeking an experienced Global Information Security Manager to join their local team. The main responsibilities of the Global InfoSec Manager will focus on taking over and enhancing the information security program, risk management and regulatory compliance. The Global InfoSec Manager should have a strong technical background and will be accountable for helping define, create, drive, deliver, manage and maintain the information security and compliance program governance architecture, policies, processes, infrastructure and operations throughout the global enterprise. Ideal candidates will have a strong cybersecurity background, demonstrable information technology technical skills, enterprise risk management, security controls implementation and the ability to ensure that information assets with associated business processes are adequately protected across the enterprise ecosystem. The position requires a strategic results-driven individual that understands the convergence needed to execute the overall information security strategy while partnering with leadership to design controls and service alternatives that improve our defenses against insider risks and external threats.
Design, implement and maintain the enterprise's security and compliance governance architecture, systems and processes that provide maximized protections aligned with business outcomes and risk tolerance.
Create, execute and maintain the enterprise's Information Security Awareness training program.
Create, maintain and periodically test business continuity and disaster recovery plans, processes and runbooks to meet business goals.
Create and maintain the enterprise's security and compliance documents (policies, standards, baselines, guidelines and procedures) and help ensure their enforcement.
Design and oversee incident response efforts relating to information security. Perform deep analysis and document the events as well as coordinate response efforts and execute recommended solutions.
Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes.
Act as the subject matter expert on all areas relating to PCI, GDPR and NIST Cybersecurity framework while conducting and maintaining awareness and assessment of security risks to applications and infrastructure using industry standard tools and methodologies.
Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise networks, cloud, workstations, servers, databases, data repositories and other systems.
Supervise all investigations into problematic activity and provide on-going communication with senior management.
Ensure that third-parties with access to company data are regularly evaluated for appropriate information security and privacy controls.
Define and implement standards and processes for backups that are compliant with business practices.
Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
Forecast growth in security infrastructure needs for resource and budget planning as well as life cycle management of the infrastructure.
Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security policies and regulatory requirements.
Design and perform reengineering of processes and procedures in need of remediation.
Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.
Design enhancement for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.