Manager – Cybersecurity Risk & Compliance
| Company | International Flavors & Fragrances |
|---|---|
| Location | Matawan, NJ, USA |
| Salary | $126800 – $158500 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior |
Requirements
- Bachelor’s degree in Computer Science, Information Security, Information Systems, Engineering, or related field.
- Five (5) or more years overall IT and Cyber Security experience with at least two (2) years dedicated cyber/information security experience.
- Deep understanding of common security standards, regulations, and controls relating to a high-tech environment (e.g., ISO-27001, SOX, PCI, and NIST CSF).
- Knowledge of information security risk management frameworks and compliance practices. Experience with one or more GRC solutions.
- Experience performing information security audits or risk assessments.
- Experience responding to, analyzing, and communicating information security incidents.
- Self-motivated and proactive in identifying areas of improvement.
- Experience working both independently and in a team-oriented, collaborative environment is essential.
- Strong analytical skills, problem-solving skills, writing skills, attention to detail, and conceptual thinking, including the ability to work with technical and non-technical business owners.
- Able to be flexible with regard to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
Responsibilities
- Participate in the development and implementation of the system-wide risk management function of the information security program to ensure risks are identified and monitored.
- Conduct information security assessments and maintain the Risk Register, identifying risks, tracking remediations, and creating status reports/metrics.
- Respond to IFF customers, business audits, and cybersecurity questionnaires.
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for International Flavors & Fragrances (IFF) risk and compliance requirements.
- Help drive the enterprise cyber security compliance program, ensuring activities, processes, and procedures meet defined requirements, policies, and regulations.
- Develop and implement an effective control framework and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes for internal/external auditors.
- Work with Internal Audit and outside consultants/third parties to complete/remediate as appropriate on required security and risk assessments and audits.
- Coordinate and track all information technology and security-related audits, including the scope of audits, groups and functions involved, timelines, auditing agencies, and outcomes.
- Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually puts the company in its best light. Provide guidance, evaluation, and advocacy on audit responses.
- Maintain a cybersecurity awareness program.
- Track and publish cybersecurity metrics.
- Own problems from discovery to resolution.
- Deliver exceptional service by understanding business drivers and needs.
- Maintain up-to-date knowledge of the cybersecurity industry, including awareness of innovative information security solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations.
Preferred Qualifications
- Information security-related certifications (e.g., CISSP, CRISC).
- Experience in pharmaceuticals, manufacturing, or other regulated industries.