*We are unable to sponsor for this permanent full-time role*
*Position is bonus eligible*
Prestigious Enterprise Company is currently seeking a Director of Information Security Governance and Risk Management. The candidate is responsible for establishing and maintaining the Enterprise Information Security Governance and Risk Management program to ensure information assets and technologies are adequately protected. The director leads staff in identifying, developing, implementing, and maintaining policies and standards across the enterprise to reduce information and information technology (IT) risks. The director also develops and maintains a comprehensive security awareness and training program and identifies, tracks, and oversees the remediation of security vulnerabilities and risks to the organization.
- Work with business partners to ensure security compliance of technical solutions
- Develop, publish, and deploy information security policies and procedures for the enterprise, including network, platform, and endpoint security; access management; and threat prevention, detection, and response
- Partner with the enterprise architecture team and other key IT leaders to create, publish, and continuously improve the information security architecture for the enterprise
- Develop and maintain a Risk Register to log and rate security risks. Use the Risk Register to guide prioritization of projects and the deployment roadmap
- Socialize and implement the organization's information security policies, standards, and procedures, as well as its disaster recovery policies and procedures, and monitor compliance
- Coordinate information security compliance activities
- Develop and deploy security governance. Partner with the Program Management Office to integrate with other governance procedures as needed.
- Develop strategic partnerships in the Wine and Spirits industry, including information security leaders within SGWS's suppliers
- Monitor compliance with the enterprise information security policies, standards, and procedures among employees, contractors, alliances, and other third parties.
- Perform information security risk analysis and periodic information system activity audits/reviews for information security processes
- Initiate, facilitate, and promote activities and training to foster information security awareness across the full Southern Glazer's enterprise
- Stay current on changes in legislation, accreditation standards, and threats that affect information security
- Recruit, hire, train, and develop a high-performing information security team
- Effectively administer performance management systems and reviews
- Develop a full Governance and Risk Management program to protect our business, including current situation assessment, proposed future state, and multi-year deployment roadmap.
- Design and implement security standards to support the data security needs of systems being developed
- Bachelor's degree in related field or equivalent experience
- 10 or more years of work experience in IT with a broad range of exposure to different platforms and technologies
- 7 or more years of experience with enterprise information security
- 5 or more years in an information security leadership role
- Strong track record of successful appointments in similar roles within IT
- History of strong client support through technology management
- Experience managing technology teams
- Successful track record with managing offshore/onshore resources
- Expertise in leading and developing successful teams
- Relevant industry experience
- Technical background with project management
- Experience with managing an information security program
- Financial budget management experience
- Experience directing an information security team of security managers, security analysts, security engineers, and security administrators, and matrix management of technology risk managers
- Strong balance of business acumen and technology knowledge
- Good verbal/written communication skills
- Strong attention to detail
- Strong team player who can work across multiple functions and lead peers
- Master's degree
- Experience with GRC tools
- Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM) certification
- Experience in food and beverage, CPG or distribution industry