Deputy, Global Information Security Officer

Summary

The Deputy, Global Information Security Officer is responsible for leading the security strategy roadmap, consulting with security solution partners and defining company security policies and standards. Will have oversight of global security operations, incident response and both US and international Aerospace and Defence (A&D) security and compliance. The right candidate will have the required presence, confidence, and knowhow to quickly gain trust, credibility, and respect. They will have a proven record of taking a fact-based approach to the assessment of the current state of operations and the implementation of pragmatic solutions to address business needs. They will extract maximum value from existing technology investments while leveraging industry trends to introduce new and relevant technologies to deliver the necessary protection to the enterprise. 

Detailed Description

Performs tasks such as, but not limited to, the following:

• Drive the overall security strategy for Celestica, aligning security initiatives with business objectives, influencing stakeholders, and securing buy-in for security investments.

• Act as a champion for security across the organization, fostering a security-conscious culture and promoting best practices.

• Provide leadership to the information security organization.

• Take ownership of the incident response program, including developing and testing incident response plans, coordinating response activities, and conducting post-incident reviews to improve future response capabilities.

• Leverage data analytics to inform security strategy, identify threats, and measure the effectiveness of security controls. This includes promoting a data-driven security culture within the team.

• Drive improvements and efficiencies within the security operating model including identifying areas for optimization, streamlining processes, and championing change.

• Drive the development and implementation of security standards and policies. This includes ensuring compliance with relevant regulations and industry frameworks, and staying abreast of emerging security threats and best practices.

• Actively scans laws, guidelines, and regulations in all the countries that we operate to ensure that any major exposure on data privacy is addressed or mitigated.

• Establish, implement and monitor strategic processes to maintain and improve IT solutions, infrastructure and support services. 

• Coordinate with external authorities to assure monitoring posture is at a high level of attentiveness.

• Accountable for monitoring suspicious network and endpoint activities, and taking corrective actions, as required.

• Responsible for managing security partners and other third-party security relationships.

• Appraise CIO/CISO of cybersecurity trends and threats.

• Responsible for developing and testing threat identification, containment, and recovery plans.

• Accountability for cybersecurity awareness, training, and internal phishing campaigns.

• Key liaison and collaboration with physical security.

• Collaborate on pre-acquisition requirements with stakeholders assuring that security standards are met prior to acquisition.

• Facilitate the necessary efforts and resources to ensure that duration of exposure to cyber events is addressed rapidly

• Participate on company world-wide teams to share information, help implement global initiatives, leverage IT resources and investments, and develop future state of company architecture.

• Build, manage, and mentor a high-performing security team. This includes setting clear goals, providing development opportunities, and fostering a collaborative and innovative work environment.

• Responsible for maturing the Information Security function and driving discipline on execution of all security initiatives to ensure they are delivered on-time, on-budget, and with quality.

Knowledge/Skills/Competencies

• Advanced knowledge of project management and Full Project Scope Experience

• Experience in partnering with the business in promoting cybersecurity initiatives

• Demonstrated experience implementing Security strategies and solution designs

• Advanced understanding of virtualized cloud computing environments

• Performing full security compliance and risk assessments

• Advanced knowledge of Information Security Penetration Testing, IT Vulnerability Assessments

• Mastery level of understanding in IT Risk Management and IT Governance/Audit Procedures

• Advanced understanding of Cybersecurity incident Response Management and advanced experience in incident response activities

• Advanced understanding of IT Security Architecture

• Advanced knowledge of Security Standards, Regulations, and Best Practices

• Extensive knowledge of IT design and deployment, and operations process

• Knowledge and understanding of the business unit and how decisions impact customer satisfaction, product quality, on-time delivery and the profitability of the unit

• Information security forensics

• Knowledge of common information security frameworks and IT controls frameworks, such as NIST 800-171, ISO/IEC 27001, and ITIL

• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard. Knowledge of global requirements

•  Effectively manage relationships with security vendors, negotiating contracts and ensuring the organization is getting the best value for its security investments.

• Experience working with customers on security assessments and audits

• Proven ability to influence and promote safe technology usage, practices and behaviours across all levels of the entire organization by leveraging direct and indirect resources, delivering effective global communication, and enforcing policy attestation and mandatory employee training.

• Demonstrated understanding of how security decisions impact the business, including customer trust, brand reputation, and revenue generation. 

• Ability to articulate the value of security investments in business terms.

• Ability to communicate complex security concepts clearly and concisely to a variety of audiences, including senior management, board members, and external stakeholders. This includes building consensus, influencing decision-making, and securing support for security initiatives.

• Required knowledge of the U.S. GOVERNMENT COMPLIANCE but not limited to, DFAR 252.204-7012/NIST 800-171, DFARS 252.204-7008, 252.204-7009, and 252.204–7012, CMMC Model Version 2.0 and associated testing requirements, and 48 CFR 52.204-21

Physical Demands

• Duties of this position are performed in a normal office environment.
• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 15+ years of IT experience with a proven track record of delivering global capabilities around risk management, information security and progressive IT roles.
• 5+ years of Senior-level IT Security leadership experience within an organization of comparable scale and complexity, experience in the manufacturing industry is preferred.
• Knowledge of all aspects of IT business.

Typical Education

Bachelor’s Degree

Salary and Benefits Summary:

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.