· Lead and manage Cybersecurity and Information Security functions, including Security Engineering & Operations and IT Risk & Compliance. | · Serve as a key advisor to senior leadership on matters of strategic and operational security importance, influencing decision-making and driving proactive initiatives that strengthen the company's security posture, risk management practices, regulatory compliance, and business resilience. | · Develop and execute Cybersecurity and Information Security strategies aligned with business goals, risk appetite, regulatory requirements, and the evolving threat landscape. | · Build and operate a metric-driven Cybersecurity and Information Security organization, defining KPIs that measure risk reduction, control effectiveness, operational performance, incident response, identity security, cloud security, and compliance posture. | · Oversee security engineering teams responsible for security platforms, tooling, architecture, and integrations across endpoint, network, cloud, identity, and platform environments. | · Manage security operations, including threat monitoring, event detection, incident response, investigations, and continuous improvement of detection and response capabilities. | · Oversee identity security capabilities, including identity and access management, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls. | · Oversee cloud and platform security capabilities, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and partnership on cloud governance. | · Partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle, enable secure engineering practices, support shared platform governance, and drive secure-by-design delivery. | · Stay abreast of the evolving threat landscape, emerging attack vectors, and advancements in security technologies, continuously adapting the organization's security posture. | · Advise technology, development, engineering, and business partners on security best practices, architectural patterns, and risk-based decision-making, providing ongoing oversight and guidance. | · Establish and operate a risk-based cybersecurity program aligned to business priorities, regulatory expectations, and the evolving threat landscape. | · Oversee the IT Risk function, including coordination of security audits, penetration testing, third-party assessments, control validation, and remediation tracking. | · Manage the end-to-end audit lifecycle, including planning, scheduling, execution, findings management, remediation tracking, and reporting. | · Ensure compliance with regulatory and industry standards, including PCI DSS and ISO 27001, with ownership of audits, control validation, and remediation efforts. | · Oversee annual reporting, regulatory submissions, partner security attestations, and related cybersecurity and information security documentation. | · Drive timely and effective remediation of vulnerabilities, audit findings, control gaps, identity risks, cloud security risks, and security issues across the enterprise. | · Establish and maintain security policies, standards, control frameworks, and governance practices that support business, regulatory, technology, and risk management objectives. | · Implement and enhance continuous monitoring, detection, response, and reporting capabilities to proactively identify and address security risks. | · Lead continual optimization of security technologies, tooling, platforms, and resource utilization to improve effectiveness and reduce cost. | · Drive a bias toward automation and technology-first solutions, reducing manual processes and increasing scalability across Cybersecurity and Information Security functions. | · Leverage automation and AI capabilities to enhance threat detection, accelerate response, improve risk analysis, strengthen security operations, and scale security program capabilities. | · Manage security vendor relationships, contracts, service performance, and cost optimization across tools, services, and third-party providers. | · Provide executive-level reporting on security posture, risks, incidents, identity security, cloud security, control effectiveness, remediation progress, and compliance status. | · Develop and manage the Cybersecurity and Information Security budget, including tools, services, staffing, and vendor spend, optimizing cost efficiency while maintaining or improving program effectiveness. | · Establish strong, business-oriented partnerships across functions, ensuring Cybersecurity and Information Security enables and protects business outcomes and priorities. | · Share knowledge, mentor, and educate stakeholders with regard to the company's Cybersecurity and Information Security initiatives, opportunities, risks, and challenges. | · Promote the professional growth and development of team members by sharing knowledge, mentoring, and providing consistent, actionable feedback. | · Responsible for managerial matters such as performance appraisals and goal setting, promotions, salary recommendations, and staffing in accordance with the company hiring process, personnel policies, and budget requirements. | · Perform additional duties as assigned to support evolving business needs. |
|
|
