Director of Information Security

Job Description

Information security covers Policy Creation, management, and validation of security compliance across the Information Security, Cyber-Security, Physical Security, Supply Chain Security, Security in R&D, DR and Information Security Incident Management.

The roll will be based in the US and will provide Company wide Leadership and support to drive the implementation of Group Information Security policies, procedures and internal security auditing. The role will also be directly accountable for the management of all Information Security certifications (ISO27001, SSAE18, etc) through the support of site Information security managers.

Purpose and Objective

• Direct and manage the Global Information Security Team
• Own the development and implementation of the Group Information Security (IS) strategy for the company in close co-operation with key stakeholders such as Cyber Security, IT compliance, R&D and the information security resources at local entities.
• Accountable for all ISO27001, SSAE18, and all other security compliance certification implementation & ongoing management of compliance for the company
• Co-ordinate and harmonize IS processes and the Information security Management System (ISMS) across other sites
• Lead process to ensure business units comply to the ISO27001 standard and contribute to the wider improvement of the Group security framework.
• Supporting customer project teams in information security topics
• Responsible for ensuring all vendor and customer contracts align with the global information security compliance requirements.

Key Performance Indicators

• Successful implementation & ongoing compliance of ISO27001, SSAE, and all other security certifications for L+G sites
• Ownership and assurance of compliance with companywide security certifications
• Devise and implement an ISMS strategy and support towards having a harmonized L+G Global ISMS Framework
• Provide support and co-ordination during external audits and customer tender requests
• Satisfy business in Solution customer projects by providing security expertise for our Customer offerings (end to end)

Core Areas of Responsibility/Accountability

• Accountable for Managing and Leading the Global Information Security Team of 6-8 resources and a Direct report to the Chief Security Officer
• Accountable for implementation & managing 27001 and SSAE certifications
• Co-ordination responsibility of the ISMS
• Process owner and provider of subject matter expertise to the business on Information Security and information security certification
• Implementation of standardized IS controls within business processes
• Support the Business Management to make informed decisions regarding information security
• Coach, train employees in information security (incl. awareness)
• Manage & conduct internal 27001 and SSAE18 audits
• Develop reports (incidents, audits, risks, etc.) to support wider communication of the Info Sec.
• Perform internal information security audits
• Support and advise on customer requests for information security
• Support and advise for supplier relationships
• Satisfy business in Solution customer projects by providing information security expertise
• Some travel may be required

Required Experience

• Past experience managing security or information security teams
• Past experience in a similar international role.
• Past experience in implementing ISO27001 and SSAE18 within an organization
• Qualified lead auditor and preferably has pursued advanced qualifications such as CISA/CISM
• Good understanding and experience in implementing GDPR and DPIA will be a plus
• Experience in managing projects and virtual teams
• As this role will be a stand-alone/self-managed function, the position holder must be able to demonstrate influential abilities to gain buy-in and work with key stakeholders such as site management and IT.
• Ability to capture stakeholder requirements and be able to prioritize the work to fulfill these requirements and maintain compliance
• Ability to work in a matrix organization, employees of different nationalities and backgrounds

Educational / Professional or Vocational Qualifications

• Technical diploma or degree in engineering/ computer science/ IT
• Training in GDPR would be a plus
• Good knowledge of other ISO standards (Eg: 9001, 22301)