Church & Dwight Co., Inc. Director, IT Security & Risk Management in Ewing, New Jersey
A collective energy and ambition. A place where you can make a real difference.
We’re a company that genuinely cares about our people, our products, our consumers and the environment.
Our unique, informal culture champions courage, determination and collaboration. Knowing we have an open and supportive team means each of us has the freedom to take responsibility and ownership. We have a shared passion to work hard, innovate and push boundaries.
United by the belief that when we strive for growth, anything is possible. While we might not be the largest company in our industry, we believe we can have the biggest impact because: Together We Have the Power to Win.
The Director, IT Security & Risk Management is responsible for the enterprise-wide information security policy, information security strategy, information security architecture, information security operations, and information security risk management. He/she oversees and coordinates security initiatives working with executive, business and functional leaders and staff including information technology, human resources, audit & compliance, corporate and financial investigations, legal, physical security, systems operations and systems development. This role will provide vision and leadership necessary to manage risk to the organization aligned with business needs, effective governance, operational efficiency and performance monitoring and measurement. This role will provide executive level decision support through both informal and formal means, including but not limited to executive level metrics, dashboards, risk analysis and mitigation, acceptance and reporting.
Role Accountabilities and Responsibilities
Provide vision and leadership to develop and execute on an enterprise information security strategy and roadmap. Align with enterprise business strategy, gain executive approval and support, and oversee successful execution.
Develop and maintain practical and actionable information security policy and standards that reflect the needs of the business while keeping pace with changes in the business environment, technology and threats in order to effectively mitigate and manage risk to the business.
Develop and maintain a highly qualified staff of information security professionals across the enterprise. Build and maintain executive relationships necessary for the successful execution of the information security program.
Maintain accountability for responsible information security program governance.
Lead Computer Systems Validation (FDA) process and assure compliance as defined in the IT SDLC.
Develop data privacy strategy and provide oversight and governance to assure compliance.
Develop and implement an information security risk profile that prioritizes risk and the investment and financial strategy required to mitigate those risks.
Create and maintain security architecture for the enterprise and participate in the solution selection and process development.
Develop security requirements for information technology infrastructure initiatives, selected enterprise applications and, as appropriate, review and approve security design of initiatives.
Measure compliance with policy as part of assessing the overall security risk posture of the enterprise, and initiate programs to achieve and maintain an adequate security posture.
Develop and maintain external and internal relationships to influence security policy, standards and programs and enhance secure interoperability with extended entities.
Leverage information security investments to enhance business, administration and compliance processes.
Develop and employ an ongoing information security communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups.
Develop and make available a catalog of security services to support company and business unit security needs.
Develop and maintain a responsive and effective information security incident response and management capability that will identify, contain and resolve information security incidents, meet compliance and reporting obligations, and uphold chain of custody and rules of civil procedure requirements.
Provide an annual report to executive leadership on the information security risk posture of the enterprise.
Education and Experience
Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required.
Must have at least one of the following active certifications: CISA, CISM, CISSP or CFE.
Related certifications such as CISA, CISM, CISSP, CFE, ITIL, PMP, SANS/GSEC, CIPP, CRISC, CGEIT, CPA/CA are preferred, but not required.
Extensive experience with Sarbanes Oxley, ITGC, FDA, PCI-DSS, ISO, NIST, Data Privacy, Safe Harbor.
Minimum of 10 years executive leadership in information security policy, standards, architecture, technology and programs.
Strong understanding of information security and the relationship between threat, vulnerability and information value in the context of risk management.
Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security.
Ability to gather, analyze and interpret business drivers and develop practical security solutions that provide adequate security to support the business.
Possess a good understanding of appropriate leading-edge technologies.
Known to relevant technology companies as a thought leader around security, privacy and supporting technologies.
Demonstrated ability to build an effective, cohesive and collaborative management team.
Extensive experience building and managing a diverse and inclusive team environment with strong commitment to respect, equality and teaming.
Strong demonstrated ability to skillfully hire, develop, lead, motivate, performance manage, and coach a cross-section of security and technology professionals and managers.
Church & Dwight is proud to be an Equal Opportunity Employer/Veterans/Individuals with Disabilities. For more information on our company, our brands and our culture visit us at http://www.churchdwight.com/
Church & Dwight is a world-leader in household and personal care products. Our global brands include ARM & HAMMER®, Batiste, OxiClean, Trojan, XTRA, Nair, First Response, Spinbrush, Orajel, vitafusion, Li’l Critters, Water Pik and FLAWLESS®. Founded in 1846, we have operations globally and are listed in the S&P 500.