Sr Director, Cyber Security

at TreeHouse Foods, Inc. in Oak Brook, Illinois, United States

Job Description

Employee Type:

Full time

Location:

IL Oak Brook

Job Type:

Information Technology

Job Posting Title:

Sr Director, Cyber Security

About Us :

TreeHouse Foods (NYSE: THS) is a leading manufacturer of private label packaged foods and beverages, operating a network of more than two dozen production facilities and several corporate offices across the United States and Canada. At TreeHouse Foods, our commitment to excellence extends beyond our products and revolves around our people. We are investing in talent and creating a performance-based culture where employees can do their best work and develop their careers, directly impacting our mission to make high quality, affordable food for our customers, communities, and families. We hope you will consider joining the team and being part of our future.

What You G ain :

+ Leaders who are invested in supporting your accelerated career growth, plus paid training, tuition reimbursement and arobust educational platform – DevelopU – with more than 10,000 free courses to support you along the way.

+ An inclusive working environment where you can build meaningful work relationships with a diverse group of professionals. Take advantage of opportunities to build on our team-oriented culture, such as joining one of our Employee Resource Groups.

+ Competitive compensation and benefits program with no waiting period – you’re eligible from your first day!

+ 401(k) program with 5% employer match and 100% vesting as soon as you enroll.

+ Comprehensive paid time off opportunities, including immediate access to four weeks of vacation, fivesick days, parental leave and 11 company holidays (including two floatingholidays).

+ Enrollment in our wellness and employee assistance programs.

Job Description:

About the Role:

The Senior Director, Cyber security will be responsible for implementing and running the enterprise cyber security program. That will involve identifying, evaluating, and reporting on cybersecurity risk to information assets, while supporting and advancing business objectives.

The Senior Director, Cyber security position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The Senior Director, Cyber security is responsible for establishing and maintaining the cyber security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate.

A key element of the Senior Director, Information Security’s role is working with the CIO and executive team to determine acceptable levels of risk for the organization. He or she will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. The Senior Director, Cyber security should understand and articulate the impact of cybersecurity on the business and be able to communicate this to the board of directors and other senior stakeholders.

The Senior Director, Cyber security must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The Senior Director, Cyber security understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization’s perimeter.

The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process, and technology. While the Senior Director, Cyber security is the leader of the cyber security program, they must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the Senior Director, Cyber security is a business leader, and should have a track record of competency in the field of cyber security and/or risk management, with seven to 10 years of relevant experience, including five years in a significant leadership role. You’ll add value to this role by performing various functions including, but not limited to:

Establish Governance and Build Knowledge

+ Facilitates a cyber security governance structure through a governance program, including the corporate cybersecurity steering committee.

+ Responsible for regular reporting on the current status of the cyber security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.

+ Develops, socializes and coordinates approval and implementation of security policies

+ Works with the vendor management office to ensure that cyber security requirements are included in contracts by liaising with vendor management and procurement organizations

+ Directs the creation of a targeted cyber security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences

+ Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.

+ Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.

+ Embeds Cyber Judgement across a decentralized or distributed decision making model

+ Leads the security champion program to mobilize employees in all locations.

Lead the Organization

+ Leads the cyber security function across the company to ensure consistent and high-quality cyber security management in support of the business goals.

+ Determines the cyber security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.

+ Manages the budget for the cyber security function, monitoring and reporting discrepancies

+ Manages the cost-efficient cyber security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.

Set the Strategy

+ Develops a cyber security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization’s business objectives, and ensures senior stakeholder buy-in and mandate.

+ Develops, implements and monitors a strategic, comprehensive cyber security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.

Develop the Frameworks

+ Develops and enhances an up-to-date cyber security management framework based on the National Institute of Standards and T