Sr Director, Cyber Security
Company: TreeHouse Foods
Location: Oak Brook
Posted on: May 5, 2024
|
|
Job Description:
Employee Type:Full timeLocation:IL Oak BrookJob Type:Information
TechnologyJob Posting Title:Sr Director, Cyber Security About
Us:
TreeHouse Foods (NYSE: THS) is a leading manufacturer of private
label packaged foods and beverages, operating a network of
production facilities across the United States and Canada. At
TreeHouse Foods, our commitment to excellence extends beyond our
products and revolves around our people. We are investing in talent
and creating a performance-based culture where employees can do
their best work, directly impacting our mission to make high
quality, affordable food for our customers, communities and
families. We hope you will consider joining the team and being part
of our future . What You Gain:
Competitive compensation and benefits program
Enrollment in our wellness and employee assistance programs
Paid holidays, vacation, and other competitive paid time off
opportunities
An inclusive working environment where you can build meaningful
work relationships with a diverse group of people
Leaders who are invested in supporting your career growth
Opportunities to be recognized for outstanding contributions to
your
team through our employee recognition programs Job
Description:About the Role:The Senior Director, Cyber security will
be responsible for implementing and running the enterprise cyber
security program. That will involve identifying, evaluating, and
reporting on cybersecurity risk to information assets, while
supporting and advancing business objectives.The Senior Director,
Cyber security position requires a visionary leader with sound
knowledge of business management and a working knowledge of
cybersecurity technologies covering the corporate network as well
as the broader digital ecosystem. The Senior Director, Cyber
security is responsible for establishing and maintaining the cyber
security program to ensure that information assets and associated
technology, applications, systems, infrastructure and processes are
adequately protected in the digital ecosystem in which we operate.A
key element of the Senior Director, Information Security's role is
working with the CIO and executive team to determine acceptable
levels of risk for the organization. He or she will proactively
work with business units and ecosystem partners to implement
practices that meet agreed-on policies and standards for
information security. The Senior Director, Cyber security should
understand and articulate the impact of cybersecurity on the
business and be able to communicate this to the board of directors
and other senior stakeholders.The Senior Director, Cyber security
must be knowledgeable about both internal and external business
environments and ensure that information systems are maintained in
a fully functional and secure mode and are compliant with legal,
regulatory and contractual obligations. He or she serves as the
process owner of the appropriate second-line assurance activities
not only related to confidentiality, integrity and availability,
but also to the safety, privacy and recovery of information owned
or processed by the business in compliance with regulatory
requirements. The Senior Director, Cyber security understands that
securing information assets and associated technology,
applications, systems and processes in the wider ecosystem in which
the organization operates is as important as protecting information
within the organization's perimeter.The ideal candidate is a
thought leader, a builder of consensus and of bridges between
business and technology. He or she is an integrator of people,
process, and technology. While the Senior Director, Cyber security
is the leader of the cyber security program, they must also be able
to coordinate disparate drivers, constraints and personalities,
while maintaining objectivity and a strong understanding that
cybersecurity is foundational for the organization to deliver on
its business goals and objectives. Ultimately, the Senior Director,
Cyber security is a business leader, and should have a track record
of competency in the field of cyber security and/or risk
management, with seven to 10 years of relevant experience,
including five years in a significant leadership role. You'll add
value to this role by performing various functions including, but
not limited to:Establish Governance and Build KnowledgeFacilitates
a cyber security governance structure through a governance program,
including the corporate cybersecurity steering
committee.Responsible for regular reporting on the current status
of the cyber security program to enterprise risk teams, senior
business leaders and the board of directors as part of a strategic
enterprise risk management program, thus supporting business
outcomes.Develops, socializes and coordinates approval and
implementation of security policiesWorks with the vendor management
office to ensure that cyber security requirements are included in
contracts by liaising with vendor management and procurement
organizationsDirects the creation of a targeted cyber security
awareness training program for all employees, contractors and
approved system users, and establishes metrics to measure the
effectiveness of this security training program for the different
audiencesUnderstands and interacts with related disciplines, either
directly or through committees, to ensure the consistent
application of policies and standards across all technology
projects, systems and services, including privacy, risk management,
compliance and business continuity management.Provides clear risk
mitigating directives for projects with components in IT, including
the mandatory application of controls.Embeds Cyber Judgement across
a decentralized or distributed decision making modelLeads the
security champion program to mobilize employees in all
locations.Lead the OrganizationLeads the cyber security function
across the company to ensure consistent and high-quality cyber
security management in support of the business goals.Determines the
cyber security approach and operating model in consultation with
stakeholders and aligned with the risk management approach and
compliance monitoring of non-digital risk areas.Manages the budget
for the cyber security function, monitoring and reporting
discrepanciesManages the cost-efficient cyber security
organization, consisting of direct reports and dotted line reports
(such as individuals in business continuity and IT operations).
This includes hiring (and conducting background checks), training,
staff development, performance management and annual performance
reviews.Set the StrategyDevelops a cyber security vision and
strategy that is aligned to organizational priorities and enables
and facilitates the organization's business objectives, and ensures
senior stakeholder buy-in and mandate.Develops, implements and
monitors a strategic, comprehensive cyber security program to
ensure appropriate levels of confidentiality, integrity,
availability, safety, privacy and recovery of information assets
owned, controlled or/and processed by the organization.Develop the
FrameworksDevelops and enhances an up-to-date cyber security
management framework based on the National Institute of Standards
and Technology (NIST) Cybersecurity Framework.Creates and manages a
unified and flexible, risk-based control framework to integrate and
normalize the wide variety and ever-changing requirements resulting
from global laws, standards and regulationsDevelops and maintains a
document framework of continuously up-to-date cyber security
policies, standards and guidelines. Oversees the approval and
publication of these cyber security policies and
practicesFacilitates a metrics and reporting framework to measure
the efficiency and effectiveness of the program, facilitates
appropriate resource allocation, and increases the maturity of the
information security, and reviews it with stakeholders at the
executive level.Build the Network and Communicate the VisionCreates
the necessary internal networks among the cyber security team and
line-of-business executives, corporate compliance, audit, physical
security, legal and HR management teams to ensure alignment as
required.Builds and nurtures external networks consisting of
industry peers, ecosystem partners, vendors and other relevant
parties to address common trends, findings, incidents and
cybersecurity risksLiaises with external agencies, such as law
enforcement and other advisory bodies, as necessary, to ensure that
the organization maintains a strong security posture and is kept
well-abreast of the relevant threats identified by these
agenciesLiaises with the enterprise architecture team to build
alignment between the security and enterprise (reference)
architectures, thus ensuring that cyber security requirements are
implicit in these architectures and security is built in by
designOperate the FunctionCreates a risk-based process for the
assessment and mitigation of any cyber security risk in the
ecosystem consisting of supply chain partners, vendors, consumers
and any other third partiesWorks with the compliance staff to
ensure that all information owned, collected or controlled by or on
behalf of the company is processed and stored in accordance with
applicable laws and other global regulatory requirements, such as
data privacyDefines and facilitates the processes for cyber
security risk and for legal and regulatory assessments, including
the reporting and oversight of treatment efforts to address
negative findingsEnsures that security is embedded in the project
delivery process by providing the appropriate cyber security
policies, practices and guidelinesManages and contains cyber
security incidents and events to protect corporate IT assets,
intellectual property, regulated data and the company's
reputationMonitors the external threat environment for emerging
threats, and advises relevant stakeholders on the appropriate
courses of actionDevelops and oversees effective disaster recovery
policies and standards to align with the enterprise business
continuity and disaster recovery programs, with the realization
that components supporting primary business processes may be
outside the corporate perimeterCoordinates the development of
implementation of incident response plans and procedures to ensure
that business-critical services are recovered in the event of a
security eventFacilitates and supports the development of asset
inventories, including information assets in cloud services and in
other parties in the organization's ecosystemImportant Details:
This is an hybrid
position.About You:You'll fit right in if you have:Demonstrated
experience and success in senior leadership roles in risk
management, information security, and IT or OT securityDegree in
business administration or a technology-related field, or
equivalent work- or education-related experienceDesired, but not
required:Certified Information Systems Security Professional
(CISSP), Certified Cyber securityManager (CISM), Certified
Information Systems Auditor (CISA), Certified in Risk and
Information Systems Control (CRISC) or other similar
credentialsExperience successfully executing programs that meet the
objectives of excellence in a dynamic business
environmentExperience with contract and vendor
negotiationsTechnical and Business ExperienceKnowledge and
understanding of relevant legal and regulatory
requirementsKnowledge of common cyber security management
frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those
from NIST, including 800-53 and Cybersecurity FrameworkSound
knowledge of business management and a working knowledge of cyber
security risk management and cybersecurity technologiesUp-to-date
knowledge of methodologies and trends in both business and
ITKnowledge and SkillsExcellent written and verbal communication
skills, interpersonal and collaborative skills, and the ability to
communicate cyber security and risk-related concepts to technical
and nontechnical audiences at various hierarchical levels, ranging
from board members to technical specialistsStrategic leader and
builder of both vision and bridges, and able to energize the
appropriate teams in the organizationAbility to lead and motivate
the cyber security team to achieve tactical and strategic goals,
even when only "dotted line" reporting lines existExcellent
stakeholder management skillsExcellent analytical skills, the
ability to manage multiple projects under strict timelines, as well
as the ability to work well in a demanding, dynamic environment and
meet overall objectivesProject management skills: financial/budget
management, scheduling and resource managementA master of
influencing entities and decisions in situations where no formal
reporting structures exist, but achieving the desirable outcome is
vital Your TreeHouse Foods Career is Just a Click Away!
Click on the "Apply" button or go directly to
www.treehousefoods.com/careers
to let us know you're ready to join our team! TreeHouse Use Only:
#IND1
Keywords: TreeHouse Foods, Gary , Sr Director, Cyber Security, Accounting, Auditing , Oak Brook, Indiana
Click
here to apply!
|