This job has expired, please see additional jobs below
Director, Information Risk Management
International Flavors & Fragrances
New York, NY, United States
We are IFF. We are the catalyst for discoveries that spark the senses and transform the everyday. International Flavors & Fragrances Inc. is a leading innovator of sensorial experiences that move the world. At the heart of our company, we are fueled by a sense of discovery, constantly asking “what if?” That passion for exploration drives us to co-create unique scents and tastes in fine fragrances and beauty, detergents and household goods, as well as beloved foods and beverages.
Our 7,300 team members globally take advantage of leading consumer insights, research and development, creative expertise, and customer intimacy to develop differentiated products.
Dreamers and doers, we work tirelessly to discover flavors and fragrances that inspire customers and delight consumers. We are fueled by our four corporate values of passion, creativity, expertise and empowerment. It is the unique blend of these values that makes us IFF. These qualities can be seen and felt throughout our amazing 129-year history and will continue to guide us as we explore our limitless possibilities and develop new-to-world solutions that enhance the lives of millions around the globe.
This position will support the risk identification, analysis and risk management across the business, assessing the current adequacy of the security strategy, threats, and the impact of risks not remediated.
Risk Analyst
• Act as the subject matter expert (SME) on Cyber and Information Security issues
• Conduct security threat assessments, identify risks and track and report on remediation
• Provide information security insight and expertise in assessing new business opportunities
• Report to senior management on security status and initiatives
• Create a business aligned Information Risk Committee and provide regular updates
• Identify opportunities for process improvements to deliver increasing efficiency within the Risk & Control framework
• Interact with auditors on information security management oversight
• Coordinate with outside vendors on the protection of client information, data transmission protocols and on Cyber/Info Security assessments
• Work closely with developers and infrastructure teams to design and implement the security policies required to protect the integrity, confidentiality and availability of the information on an end-to-end basis.
• Assess the security controls of the industrial control systems IT architecture
Information Risk Management
• Develop & implement a risk assessment framework which identifies critical information security and privacy-impacting business processes and/or systems.
• Outline a plan to complete risk assessments of new/existing infrastructure, systems, Industrial Control Systems and other components.
• Provide support & risk guidance in the areas of enterprise infrastructure, cloud-based software/infrastructure security, wireless and secure software development.
• Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response.
• Oversee vulnerability assessments and validate results where appropriate. Prioritize the remediation requirements and work with network and infrastructure team to mitigate security findings.
• Identify critical business areas, partner with the business to implement a business continuity framework, and document and test their plans
• Identify & remediate open security issues
Data Privacy & Security
• Develop & implement a data security program. Partner with Legal/Privacy and business to identify/classify data to implement appropriate controls to monitor data loss, encryption/tokenization, and secure file transfer. Partner with Legal on privacy compliance and cross-border data protection. Partner with records management on data lifecycle management and provide general consultative services where needed.
• Identify opportunities for business process enhancement and tools to enforce data protection. Partner with Demand IT to evaluate, select and deploy a strategic solution to proactively monitor & prevent data loss.
Vendor Risk Assessment
• Promote adoption of third party risk assessment framework. Partner with Procurement, Demand IT and Legal to complete initial and periodic third party risk assessments. Monitor and report on risk remediation status.
Governance & Risk Reporting
• Provide guidance over policy enforcement and ensure the effectiveness and efficiency of the IT control environment.
• Partner with Demand IT & business to create a risk dashboard, identify key risk indicators which are business aligned from current data sources and recommend control enhancements to drive down issues identified.
• Create a business aligned security steering committee to drive further adoption of security awareness, policies, controls & culture in and across the business
• Create security policies as appropriate
Required Experience
• Infrastructure security experience; including the ability to perform technical vendor risk assessments and knowledge of datacenter & cloud-based infrastructure and application security design.
• Strong analytical skills/problem solving/conceptual thinking and ability to work with Technical & Non-Technical business owners
• Broad knowledge of information security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR)
• Working knowledge of information security and control frameworks (ISO27001, NIST, CobIT)
• Effective communication skills and able to build relationships with technical and non-technical
• Holds one or more security certificates (CISSP, CRISC, CISA, CSA, CEH, CISM)
• Must be able to identify, analyze and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
• 5+ years of relevant experience in Information Risk Management, Cyber Security, IT security design, Technology architecture
• Bachelor's degree in Computer Science, Engineering, Information Technology or related field
• 5+ years of relevant experience in pharmaceuticals, manufacturing, or other regulated industries
• Experience evaluating security controls, conducting risk assessments and providing guidance for platform