Director, Security Risk Management Lead

Job Description

• Oversee development and maintenance Line of Business security risk portfolio to feed investment decisions, mitigation plans, and enterprise risk management
• Facilitate and manage risk assessments and workshops to identify and catalog risk across BUs
• Engage and partner with executives across lines of business/ Bus
• Guide and support on building a third party information security risk management framework
• Oversee a mechanism in which the security risk managers partner with the business to ensure proactiveness and anticipation to third party management.
• Provide strategic leadership and assist in the development of multi-year organizational plans in line company strategy
• Support project managers in third party risk management to ensure policies are incorporated correctly and the 3rd party risk management frameworks are preserved
• Oversee development security strategy for each policy focus areas
• Manage facilitation and tracking compliance activities and management action plans
• Oversee collection and tracking of high level roll up data from compliance assessments and findings from Control Assessors
• Oversee development and maintenance of centralized role catalogue
• Align organizational goals to strategic company goals and objectives. Translate goals into meaningful, measurable, and actionable strategy for department.
• Communicate department objectives and organizational activities to executive management

• Working knowledge of Risk Management and/or Audit programs with demonstrated understanding of IT and Information Security frameworks (e.g. NIST CSF, ISO 27001, COBIT)
• Understanding and technical knowledge of key risk management concepts, including but not limited to, security risk management, information security consulting, third party management, software security, and security architecture.
• Demonstrable strong management skills, the ability to develop, mentor and coach others.
• Strong written and oral executive communication, including up to the C-level.
• Experience in working in large or federated enterprises, preferably in the Consumer Products and FMCG industries.
• Ability to describe cyber risk from an operating perspective to provide consulting guidance and build relationships.
• Strong technical understanding of SOX and processes/ steps taken to automate such .
• Ability to design and evaluate processes to build security mindset and review processes for ongoing improvement to mitigate risks.
• Strong understanding of risk, compliance and ability to define and operationalize cybersecurity processes.
• Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.
• Experience in the implementation and/or management of Risk and Compliance (GRC) technologies and supporting processes.
• Professional certifications are a plus:
  • Certified Information Systems Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Auditor (CISA)
  • Certified Protection Profession (CPP)
  • Bachelor's Degree Required