Global Senior Director of Information Security and Risk Management
New York - United States

Information Technology

New York, NY


Job Description

The Global Director of Information Security and Risk Management is responsible for establishing and maintaining corporate wide information security and risk management programs to ensure that information assets are adequately protected. This position will lead the global Information Security program and is responsible for identifying, evaluating and reporting on security risks as well as owning and driving the enterprise wide Cybersecurity program. This position requires a visionary leader with strong skills in technology, security, and risk management. The director will proactively work with Coty Information Technology teams and business units to implement practices that meet defined policies and standards for information security.

The Global Director of Information Security and Risk Management serves as the process owner of all ongoing activities related to the integrity and confidentiality of customer, business partner, employee and business information, as well as compliance with the organization's information security policies. A key element of this role is working with executive management to determine acceptable levels of risk for the organization. He or she must be highly knowledgeable about the business environment and must ensure that information system controls are maintained in a fully functional, secure mode.

The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, an effective consultant and should possess solid domain competency in the field of information security by having 8 to 10 years of direct experience in this significant leadership role.

Responsibilities Include, but are not limited to:

  • Develop, implement and monitor strategic, comprehensive enterprise information security and risk management programs to ensure the integrity, confidentiality and availability of information owned, controlled or processed by Coty.
  • Manage the enterprise's security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and risk management roles), including hiring, training, staff development, performance management and annual compensation review.
  • Develop, communicate and ensure compliance with Coty’s information security policies and standards.
  • Develop and manage information security budgets and monitor them for variances.
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users as needed.
  • Work directly with the business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification, protection and security issue resolution.
  • Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27001/2, the NIST Cybersecurity Framework, or the CIS Top 20.
  • Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls during Architectural Review Boards.
  • Liaise with the IT Business Facing Team to ensure alignment between the security and enterprise solution designers, thus coordinating the strategic planning implicit in projects.
  • Lead information security and risk management projects with staff from the IT organization and business unit teams.
  • Lead the organization through testing and execution of effective incident response procedures.
  • Ensure that security programs are in compliance with applicable laws, regulations and policies to minimize or eliminate risk and audit findings, specifically SOX, PCI-DSS, and GDPR.
  • Liaise between the information security team and corporate compliance, audit, legal and HR management teams as required.
  • Create and facilitate an effective information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings.
  • Manage security incidents and events to protect Coty’s corporate information assets, including intellectual property, fixed assets and the company's reputation.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the security and risk management programs, facilitate appropriate resource allocation and increase the maturity of these programs.
  • Facilitate business alignment and communications by forming information security and/or risk management steering committees or advisory boards.

Requirements and Qualifications

  • Minimum of 8 to 10 years of experience in a combination of risk management, information security, and cybersecurity.
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Must be a critical thinker with strong problem-solving skills.
  • Knowledge of technological trends and developments in the area of information security and risk management.
  • Project management skills; financial/budget management, scheduling and resource management.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Master’s Degree in Information Assurance, Information Security or an appropriate Business Administration field, or equivalent work or education related experience.
  • Professional certifications in information security or risk management, such as a CISSP, CISM, CRISC.
  • Past experience in implementing key Information Security technologies such as SIEM, IDS/IPS, IDAM, MSSPs, Threat Intelligence, etc.
  • Demonstrated leadership of Security Operations Centers.
  • Knowledge of security and control frameworks, such as ISO 27001/2, the NIST Cybersecurity Framework, CIS Top 20, COBIT, COSO and ITIL.
  • Experience with contract and vendor negotiations.
  • At least 5 years of experience leading direct staff.
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision.