Thursday, September 08, 2016

Director Risk Security Solutions Essilor Dallas

Job Description:
Reporting to the Chief Information Officer (CIO), the Director, Risk and Security Solutions provides leadership in the design, execution, and ongoing services associated with group information security and IT risk management programs for Essilor of America (EOA). The Director, Risk and Security Solutions’ primary directive is to maintain a comprehensive company-wide information security program to manage anticipatory response to information security risk that may adversely affect EOA information assets.
The position manages an operational staff that performs essential information security functions and provides risk management services to technology and business leaders. The role serves as a strategic advisor on security, compliance, and risk in all company IT activities and projects and is further responsible for ensuring information assets are adequately protected against current, future, internal and external threats. The position is responsible for identifying, directing, coordinating, evaluating, and reporting on information security risks in a manner that meets regulatory and compliance requirements. The role will oversee development of IT service strategies, including road maps, for the IT services reporting to this role, and will ensure the execution of plans to meet the strategic goals. This role will also investigate industry trends and key research bodies and provide guidance and recommendations to senior management.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
(Other duties may be assigned.)
The Risk and Security Solutions service encompasses IT risk, compliance and security.
• Lead EOA information security, privacy, risk, and compliance service visions, strategies, projects and best practices to ensure that reasonable and appropriate measures are implemented to optimize risk, strengthen defenses and reduce vulnerabilities to internal and external assets including vendor/partner managed systems and products.
• Lead security governance groups and the adoption and implementation of security & privacy policies, standards and procedures including security technology implementations, procedures and directives for compliance management, and risk assessments and audit oversight, data classification and security governance, IT compliance management and SDLC requirements and checklists, and incident response processes. Investigate and respond to reported security incidents in a timely manner to protect the company and its employees.
• Lead EOA IT risk management processes and services including maintaining an enterprise risk register, profiling for risk indicators, assessing risk to IT assets and services, classifying and evaluating IT risk, managing risk response efforts, and providing risk reporting and analytics that optimize management decisions. Champion information security initiatives and manage the departmental budget to ensure departmental priorities and corporate alignment are achieved. Evaluate technology and automation solutions that enable high control performance while maximizing resources. Achieve automation by design in the information security, risk, and compliance management technology portfolio where possible.
• Liaise with corporate executives, legal, internal audit, procurement, vendor management, business units, risk management, and related global functions on information security and privacy matters.
• Foster a risk aware culture whereby security is engaged early and is part of the service or technology design. Act as the advocate for information security best practices while ensuring that the EOA technology portfolio complies with existing laws and regulations.
• Maintain reliable, up-to-date information on industry security trends and government regulations through active networking, presentations and participation in leading industry forums and consortiums to represent business interests and set standards/practices.
• Protect the integrity of EOA information assets while enabling adequate access to on demand resources. Design and maintain a security architecture that drives the advanced use and adoption of new tools for security detection and security analytics. Determine threats, identify risks and vulnerabilities to the organization, research security breaches and drive the implementation of corrective actions.
• Oversees and owns IT resource management process including reporting on resource needs, gaps and availability.
• Provides supervision, coaching and mentoring to a team of technical professionals with the goals of increased delivery excellence throughout Essilor and the IT department.
• Provides oversight to the Risk and Security team and coordinates with key stakeholders to ensure maximum value through the simplest possible solution aligned with Essilor Corporate Strategies.
• Provides oversight of development and implementation of IT policies and procedures. This function assesses the current organizational maturity level and key performance indicators, reviews existing process alignment and compliance and recommends appropriate action such as training and process development where necessary.
• Oversees IT administration such as career progression planning.
• Investigates industry trends and new technologies, providing guidance and recommendations to senior management.
• Develops strategic plan for each function managed. Monitors implementation of the strategic plan, ensuring that tactical plans are developed, executed and completed accordingly, and in line with overall IT objectives.
• Facilitates Strategy development across Essilor IT making sure that IT Strategy is aligned with Essilor Corporate Strategy.
• Leads Feasibility Studies that help drive innovation within the IT department relying on metrics and data to assist in business decision making.
• Lead change management activities and facilitate strategic methodology across the IT department.

EDUCATION AND QUALIFICATIONS:

- Bachelor’s degree in business administration, information technology or a related field, or an equivalent combination of training and experience.
- Minimum of 10 years of experience in Information Security and Privacy leadership with a proven track record of success
- Demonstrated ability to successfully engage and consult with technology and business leaders
- Bachelor’s degree in Computer Science or related field
- CISSP and/or CISM and previous CISO experience is preferred
- Demonstrated IT Compliance expertise with PCI, HIPAA, State Privacy Laws, and EU Data and Privacy Laws is required.
- Excellent communication, interpersonal and presentation skills.
- Proven people management skills.
- Demonstrated analytical and problem-solving skills.