IT Security and Compliance Director
Hain Celestial Group
Lake Success, NY, United States
Job Description
Overview
Under direction of the CIO, the IT Security and Compliance Director manages the Information Security compliance program for the Hain Celestial Group (Hain), ensuring compliance with Federal, State, and local laws, and Hain Information Security policies.
As an IT Leadership Team Member, the position engages with the CIO, IT Leadership Team, Senior Staff, Policy Review Board and external vendors and contractors. The IT Director oversees the IT Compliance functions, Security office team and staff, tools and processes, policies and procedures. The position focuses on ensuring that the IT organization "does the right things" through security and compliance activities, as well as "doing things right" through modeling and enforcing a culture and environment of control and compliance.
As legal and regulatory compliance drivers continue to grow in impact and importance, many IT Security and Compliance tasks may also be part of an audit support function, requiring a high level of technical expertise. The position needs to have a finger on the pulse of legislative changes and Security Industry trends and innovations.
Essential Duties and Responsibilities
• Coordinates and collaborates on Information Security matters related to Hain and external parties.
• Designs and directs the Hain Information Security Compliance Program.
• Directs and implements Information Security projects, including risk assessments, education, monitoring, auditing, response and prevention.
• Serves as a consultant for Hain IT and business owners on any questions on policies, procedures, regulations, and laws relating to Information Security and effective Risk Management of confidentiality.
• Advises IT and business owners on defining information security and privacy compliance requirements for ongoing operations, projects, applications, and purchases not only for acquisition, but also for implementation.
• Drives continuous improvement in Security and Compliance.
• Designs and directs Compliance Management Processes.
• Develops, monitors and directs Security and Compliance Opex and Capex budgets.
• Oversees the development and maintenance of Information Security Policies, Standards, and Procedures, and creates new policies as needed.
• Ensures effective and timely incident management and breach notification.
• Stays current with trends, innovation and new developments in the Security Industry.
Monitoring and Auditing
• Coordinates and cooperates with Hain Audit and Advisory Services and other compliance and operational assessment functions.
• Performs audits in cooperation with IT and business owners to verify compliance with IT General Controls, security requirements and policies and verify remediation status.
• Responsible for ongoing information security risk assessment (potential threats, vulnerabilities and their likelihood) and mitigations.
• Co-develops monitoring and assessment methodologies such as network scanning, log monitoring, data loss prevention, security incident and event management and web application vulnerability testing.
People Management
• Builds and manages the team of people who make up an effective Security and Compliance team and function, including sourcing, training and development of people.
• Serves on the IT Leadership Team, coordinates with the CIO, IT Directors, IT Policy Review Board, and business owners to ensure a control and compliance culture and environment.
Training and Education
• Directs, delivers, or ensures delivery of information security training and orientation to all appropriate Hain people, and third parties.
• Initiates, facilitates and sponsors activities that create and nurture a culture of information security awareness within the organization and related entities.
Response and Prevention
• Participates on the Computer Security Incident Response team. Serves as a resource to IT on incident response and security breach issues.
• Conducts investigations into Information Security incidents, breaches and issues in coordination with the CIO, Director of IT Infrastructure, legal counsel and other appropriate entities. Oversees both internal and external forensics investigations, as necessary.
• Co-develops remediation/corrective action plans with the IT Leadership Team, including prioritization, progress and plan management.
Qualifications
• 15 or more years in IT / information security working experience; supervisory experience. CPG experience highly desired.
• Bachelor's or master's Degree in Information Services, Computer Sciences, or related field, or equivalent work experience.
• Certifications: CISSP, CISA or CISM.
• Prior IT Audit experience is required (5+ years).
• Expertise in Information Security and Control Compliance.
• Familiarity with the NIST Cybersecurity Framework.
• Broad knowledge of the HIPAA Privacy and Security Regulations, and detailed knowledge of general law (US and EMEA) relating to privacy, security and other personally identifiable information.
• Core Competencies: Action Oriented, Customer Focus, Adaptability, Listening, Ethics and Values, Integrity and Trust.
• Ability to translate state and federal regulations and Security and Compliance best practice into an effective Compliance Program.
• Working knowledge of principles of performance/quality improvement and Continuous Improvement.
• Excellent oral and written communications skills with individuals and audiences with various degrees of technical knowledge, including non-technical staff; ability to speak in public and present to various groups on privacy and confidentiality requirements.
• Adept at team building and conflict resolution; ability to handle difficult and sensitive situations tactfully and responsibly.
• Excellent organizational skills, attention to detail, and ability to prioritize work responsibilities under a fluctuating workload.