Regional Director CISO - Americas

Job Description

Director, Regional CISO - Americas is responsible for implementing and monitoring the global group policy and strategy of Information Security, Cyber Security, and Product Security in Americas region. The candidate will be responsible for hardening the information/cyber security posture in Americas region, facilitating collaborations among the different information security domains (Information Security, Enterprise Cyber Security & Product Security) and engaging external stakeholders (industry bodies, government agencies etc.) in the region on Information Security / Cyber Security / Product Security issues where appropriate.

Job Duties

• Establish appropriate governance structure and process in Americas region to enable the implementation of the global Information Security strategy and roadmap. Customize global initiatives for regional/local situation and oversee their implementation. 
• Lead/facilitate security/compliance incident investigations and management. Align with Compliance, HR and Legal on disciplinary actions where appropriate.
• Establish a robust risk management program that includes identification of critical information assets, defence in depth strategy, security and privacy incident monitoring, incident and crisis response process, disaster recovery etc. 
• Monitor information & cyber security threat landscape and trends in Americas region. Partner with Business and Functional stakeholders to develop countermeasures and meet changing regulatory and market requirements. 
• Regularly review and update the regional cybersecurity incident response plan in collaboration with IT Security. Improve the organization preparedness for a cyber attack through sharing of threat intelligence, training, and incident response drills.
• Strengthen the human firewall by raising employee awareness on information/cyber security. Standardize onboarding training in Americas region and implement risk-based trainings. 
• Regularly update the regional Executive Management and Board on information/cyber security risks.
• Manage internal and external audit and certification requirements (DJSI requirements on information/cyber security, NIST/ISO 27001 certification etc.).
• Engage with external stakeholders on information security trends and issues where appropriate (industry information security threats sharing etc.).

Job Qualifications:

Required:

• Master’s or bachelor’s degree (preferably Information Technology Professional with completed university studies in information Technology and Cybersecurity education).
• Minimum of 5 years of experience in Leadership role to provide leadership to others regarding work related systems, processes and challenges.
• Minimum of 5 years of experience of interpreting strategy and policy in order to set and deliver objectives within medium to long time frames.
• Minimum of 3 years of experience in International IT company.
• Minimum of 3 years of experience Forensic experience against security incidents 

Preferred:

• Preferable having certifications such as CISSP (Certified Information Systems Security Professional).
•  Uses expertise to act as organizational authority on planning, organizing, prioritizing and overseeing activities to efficiently meet business objectives.
• Applies expertise to act as the organizational authority on developing appropriate plans or performing necessary actions based on recommendations and requirements.
• Uses expertise to act as organizational authority on strategic planning.
• Uses expertise to act as the organizational authority on developing, monitoring, interpreting and understanding policies and procedures, while making sure they match organizational strategies and objectives.
• Uses expertise to act as organizational authority on developing and implementing policies.
• Applies expertise to act as the organizational authority on making sure the organization develops and maintains the culture, values and design it needs to reach its objectives while managing structural change.
• Uses expertise to act as the organizational authority on managing projects and/or programs within desired cost, time and quality parameters. 
• Acts with expertise as the organization's authority on using clear and effective verbal communications skills to express ideas, request actions and formulate plans or policies.