IL Oak Brook
Job Posting Title:
Senior Director, Information Security
Reporting to the Chief Information Officer, this position serves as a key member of the Information Technology organization's leadership team providing oversight, development, implementation and verification of security standards and best practices for the organization. The position is located at the Company's Headquarters in Oak Brook, IL.
The role covers all security technologies and services, physical and logical access control, and user profile and lifecycle management. The position also has responsibility for controlling access to sensitive and protected data and proprietary information, and for the development, training and maintenance of security policies, standards and organizational awareness.
The Senior Director is responsible for managing data and information risks related to technology solutions, crisis management, data security compliance, working collaboratively with the regulatory and compliance organizations and third-party advisors and consultants. The role also directs the adoption and implementation of policies and procedures, manages cyber threat analysis activities, assesses incident risks and communicates with departmental leaders and senior management. The role will provide guidance on the information security technical architecture and security standards, controls, procedures and guidelines for the computer platforms, applications and networks including utilization of cloud technologies.
The position is responsible for scheduling, driving and managing all security certifications and their respective audits, both internal and external as required by customers and regulating federal and governmental agencies and the adherence to local and foreign security and privacy standards. The scope of this responsibility should consider that the role supports an organization with customers and offices in global locations.
This role requires the Senior Director to be a thought leader, a partner to all contributing groups and individuals, and a stakeholder in all aspects of corporate cyber-security. The Senior Director must be experienced at implementing security cultural change and evangelizing its benefits to all employees and business associates.
Roles & Responsibilities:
Establish a company-wide IT security strategy and roadmap to ensure that information assets are adequately protected.
Oversee the development of security policies, standards and procedures and ensure these are complied with by the company and its staff.
Maintain a current understanding of the IT threat landscape for the industry
Ensure compliance with the changing laws and applicable regulations
Oversee identity and access management
Direct and approve system security design
Serve as the focal point for security incident response planning, execution, and awareness
Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Using a defined risk analysis methodology and risk classification scheme, identify risks and actionable plans to protect the business
Oversee technical security analyses and evaluations of current and strategic platforms and applications to determine security weakness and recommended control measures
Manage all teams, employees, contractors and vendors involved in IT security, including appropriate hiring
Provide training and mentoring to security team members
Brief the Board and executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
Communicate best practices and risks to all parts of the business, outside IT
Work with senior leaders across the business to assess and communicate acceptable levels of risk.
Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
Act as the champion for the enterprise information security program and foster a security-aware culture.
Manage regular intrusion detection and vulnerability reporting and the coordination of all required fixes.
Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time.
Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third party risk.
Bachelor's degree in the field of Computer Science, Information Security, Management of Information Systems, or related field, required, advanced degree preferred
Minimum of 15 years of experience in a combination of risk management, information security and information technology fields
At least 5 years of experience in a senior leadership role
Employment history must demonstrate increasing levels of responsibility
Experience operating in a fast-paced, ever-changing environment
Ability to operate across a large organization
Strong influencing skills
Executive level presence and presentation skills
Extensive knowledge of business risk, risk assessment and risk-based decision making
TreeHouse Foods is an Equal Employment Opportunity Employer and offers opportunities to all job seekers, including those with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to firstname.lastname@example.org. In your email please include a description of the specific accommodation you are requesting and a description of the position for which you are applying.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.