VP Information Security & Compliance (129992419)
Our team is looking for a VP, Information Security & Compliance to join our team in Chaska, MN or Billerica, MA.
The Vice President, Information Security and Compliance is responsible for establishing information security strategy for the organization and directs the implementation and monitoring of information security standards and policies. This position is responsible for managing risks relating to information security, physical security, business continuity planning, crisis management, data privacy, and compliance. It will report to the CIO and be a key member of the senior IT leadership team.
- Sets the mission, vision, and strategy of the Information Security and Compliance organization to ensure the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies;
- Introduces innovative, differentiating cybersecurity capabilities that enhance our overall competitive advantage and align risk strategies with business priorities;
- Develops and leads the cybersecurity and data privacy/management roadmap based on industry-leading frameworks;
- Builds awareness and compliance among all Entegris employees through training and outreach programs.
Information Security and Compliance Delivery
- Leads the development, implementation, and validation of cybersecurity strategies, security architecture, and security incident response;
- Leads an experienced enterprise team that provides global coordination and oversight of divisional and business unit information risk management processes and strategies;
- Oversees development of an information security awareness program with customized communication tools and campaigns for each business unit and integrated services group;
- Coordinates business continuity planning efforts across business units;
- Makes balanced risk investments by understanding the trade-off required to manage different levels of risk tolerance and risk exposure across the organization;
- Keeps abreast of evolving threats, risks and industry trends, and works to implement best practices in the organization;
- Develops and maintains appropriate response playbooks, facilitates routine exercises, and ensures a sound communication process for all cyber events;
- Coordinates audit and regulatory inquiries and external vendor activities to help represent the company from an information security, recovery and technology risk perspective;
- Participates in leading industry forums and consortiums to represent business interests;
- Oversees security-related vendor relationships, product selection, and negotiation of high-level contracts to provide services and capabilities for the protection of global organization assets.
Policies and Procedures
- Establishes enterprise security and risk policy and oversees the development of technology architecture to support this policy;
- Monitors regulatory compliance with enterprise security policies and educates business unit leaders and service managers on compliance efforts.
- Motivates and manages a team of information security staff in support of the organization's goals, and leads the process of developing an information security vision for the future;
- Manages and influences cross-functional and indirect-reporting teams in order to execute on the cybersecurity, data privacy/management, risk and compliance strategies.
- Bachelor’s Degree in computer science, information technology, business administration, or related discipline; MBA or Master’s in IT related field preferred;
- Related Cybersecurity, risk management and data privacy certifications preferred: CompTIA Security+, CISSP, CISM, CISA, and/or CEH;
- Over eight years of professional experience in running an information security function, including analyzing and applying information security risk, risk management, and privacy practices;
- Over ten years of experience working with national and international regulatory compliance frameworks such as NIST, ISO, SOX, EU GDPR, CCPA and PCI DSS;
- Experience and working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organizational change management, IT financial management and IT audit;
- Extensive experience in M&A integration, strategic planning, budgeting, and allocation.