TreeHouse Foods (NYSE: THS) is a leading manufacturer of private label packaged foods and beverages, operating a network of production facilities across the United States and Canada. At TreeHouse Foods, our commitment to excellence extends beyond our products and revolves around our people. We are investing in talent and creating a performance-based culture where employees can do their best work, directly impacting our mission to make high quality, affordable food for our customers, communities and families. We hope you will consider joining the team and being part of our future.
What You Gain:
- Competitive compensation and benefits program
- Enrollment in our wellness and employee assistance programs
- Paid holidays, vacation, and other competitive paid time off opportunities
- An inclusive working environment where you can build meaningful work relationships with a diverse group of people
- Leaders who are invested in supporting your career growth
- Opportunities to be recognized for outstanding contributions to your team through our employee recognition programs
Job Description:
About the Role:
The Senior Director, Cyber security will be responsible for implementing and running the enterprise cyber security program. This will involve identifying, evaluating, and reporting on cybersecurity risk to information assets, while supporting and advancing business objectives.
The Senior Director, Cyber security position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The Senior Director, Cyber security is responsible for establishing and maintaining the cyber security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate.
A key element of the Senior Director, Information Security's role is working with the CIO and executive team to determine acceptable levels of risk for the organization. He or she will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. The Senior Director, Cyber security should understand and articulate the impact of cybersecurity on the business and be able to communicate this to the board of directors and other senior stakeholders.
The Senior Director, Cyber security must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The Senior Director, Cyber security understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter.
The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process, and technology. While the Senior Director, Cyber security is the leader of the cyber security program, they must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the Senior Director, Cyber security is a business leader, and should have a track record of competency in the field of cyber security and/or risk management, with seven to 10 years of relevant experience, including five years in a significant leadership role. You’ll add value to this role by performing various functions including, but not limited to:
Establish Governance and Build Knowledge
- Facilitates a cyber security governance structure through a governance program, including the corporate cybersecurity steering committee.
- Responsible for regular reporting on the current status of the cyber security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Develops, socializes and coordinates approval and implementation of security policies.
- Works with the vendor management office to ensure that cyber security requirements are included in contracts by liaising with vendor management and procurement organizations.
- Directs the creation of a targeted cyber security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.
- Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
- Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
- Embeds Cyber Judgement across a decentralized or distributed decision making model.
- Leads the security champion program to mobilize employees in all locations.
Lead the Organization
- Leads the cyber security function across the company to ensure consistent and high-quality cyber security management in support of the business goals.
- Determines the cyber security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
- Manages the budget for the cyber security function, monitoring and reporting discrepancies.
- Manages the cost-efficient cyber security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.
Set the Strategy
- Develops a cyber security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
- Develops, implements and monitors a strategic, comprehensive cyber security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
Develop the Frameworks
- Develops and enhances an up-to-date cyber security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Develops and maintains a document framework of continuously up-to-date cyber security policies, standards and guidelines. Oversees the approval and publication of these cyber security policies and practices.
- Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive level.
Build the Network and Communicate the Vision
- Creates the necessary internal networks among the cyber security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
- Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
- Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
- Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that cyber security requirements are implicit in these architectures and security is built in by design.
Operate the Function
- Creates a risk-based process for the assessment and mitigation of any cyber security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Works with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
- Defines and facilitates the processes for cyber security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Ensures that security is embedded in the project delivery process by providing the appropriate cyber security policies, practices and guidelines.
- Manages and contains cyber security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
- Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.
- Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity and disaster recovery programs, with the realization that components supporting primary business processes may be outside the corporate perimeter.
- Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
Important Details: This is a hybrid position.
About You:
- Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
Desired, but not required:
- Certified Information Systems Security Professional (CISSP), Certified Cyber security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Experience with contract and vendor negotiations.
Technical and Business Experience
- Knowledge and understanding of relevant legal and regulatory requirements.
- Knowledge of common cyber security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Sound knowledge of business management and a working knowledge of cyber security risk management and cybersecurity technologies.
- Up-to-date knowledge of methodologies and trends in both business and IT.
Knowledge and Skills
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate cyber security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
- Ability to lead and motivate the cyber security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
Your TreeHouse Foods Career is Just a Click Away!
Click on the “Apply” button or go directly to www.treehousefoods.com/careers to let us know you’re ready to join our team!
TreeHouse Use Only: #IND1
TreeHouse Foods is a private label food and beverage leader focused on customer brands and custom products. When customers partner with TreeHouse they can expect access to an industry-leading portfolio, strategic vision, on-trend innovation and insights, world-class supply chain, operational excellence and flexibility, collaborative approaches, and dedicated customer service.
Our strategy is to be the leading supplier of private label food and beverage products by providing the best balance of quality and cost to our customers. We engage with retail grocery, food away from home, and industrial and export customers, including most of the leading grocery retailers and foodservice operators in the United States and Canada.
Our portfolio includes a variety of shelf-stable, refrigerated, and snack products.
Customers can expect comprehensive flavor profiles including natural, organic, and preservative-free ingredients in many categories and packaging formats.
TreeHouse Foods is best known for food and beverages produced by our two largest businesses Bay Valley Foods, LLC (including E.D. Smith and Sturm Foods) and TreeHouse Private Brands. With more than 10,000 employees in over 35 plants across the United States, Canada, and Italy, TreeHouse Foods is based in Oak Brook, Illinois.
Disability Assistance
TreeHouse Foods is an Equal Employment Opportunity Employer and offers opportunities to all job seekers, including those with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to disability-accommodations@treehousefoods.com. In your email please include a description of the specific accommodation you are requesting and a description of the position for which you are applying.
To all recruitment agencies: TreeHouse Foods does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Treehouse Foods employees, or any company location(s). TreeHouse Foods is not responsible for any fees related to unsolicited resumes/CVs.
EEO Considerations: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability, or protected veteran status.
#J-18808-Ljbffr