Director of Cybersecurity Risk Management

About the position

The Director of Cybersecurity Risk Management plays a critical role in leading Perdue's enterprise cyber risk program in managing and reducing cyber risk while enabling strategic IT and business outcomes. In this role you will oversee a team leading and building out our cybersecurity risk practice, security assessments, third party risk, control frameworks, policies, standards, and reporting metrics. The ideal candidate will be an experienced risk professional, with strong knowledge of multiple cybersecurity domains, industry frameworks (e.g. NIST CSF, 800-53) and industry and regulatory requirements (e.g. SOX, HIPAA, PCI, CCRA). As a thought leader you will provide strategic input into our multi-year roadmaps, cyber risk strategy, and advise IT and business stakeholders on cyber risk. This position is based at corporate headquarters in Salisbury, MD.

Responsibilities

• Reporting directly to the CISO, this role will help mature the cybersecurity governance, risk, and compliance program, including build out of the program and three-year roadmap.
• Leading the development and implementation of a comprehensive cybersecurity frameworks (NIST CSF) and benchmarking maturity targets.
• Lead the development and implementation of comprehensive cybersecurity policies, standards, and procedures, ensuring they are current, relevant, and communicated effectively across the organization.
• Leading a team to develop comprehensive security assessments to identify, assess, and prioritize cybersecurity risks that include risk mitigation strategies with IT and business teams.
• Oversee build-out of GRC platform and capabilities for tracking of risk and compliance (e.g. risk register, risk documentation, risk acceptance, asset classification, etc.)
• Manage and oversee third party cyber risk program, partnering with key technical and business stakeholders (Procurement, Legal, Enterprise Risk, etc.), to ensure cyber protections, resilience, and contractual provisions in our vendor and supplier operations and agreements.
• Develops metrics and reporting to track performance of cybersecurity program as well as prioritize risk and develop a risk-informed strategy for addressing current gaps and future threats.
• Partner with Internal Audit on addressing the assessment of internal controls, findings, and SOX / ITGC compliance.
• Evaluate cyber trends and compliance requirements to ensure organizational efficiency and alignment with the overall cybersecurity mission, vision, and strategy.
• Conduct bi-annual cyber maturity assessment to assess progress against desired level and industry targets.
• Provide governance for DR planning and cyber resilience.
• Stay abreast of evolving cybersecurity threats, regulations, and industry best practices.

Requirements

• BS degree in Business, Information Security, Management Information Systems or related major.
• At least 10 years of experience in cybersecurity with a minimum of five (5) years demonstrated expertise in cybersecurity governance, compliance, and third-party risk management.
• Proven leadership experience with at least 5 years' experience managing cross-functional teams or projects.
• In-depth knowledge of IT security governance and operations, including creating and implementing security frameworks, policies, and procedures.

Nice-to-haves

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), etc.
• Strong understanding of risk management principles and compliance requirements related to cybersecurity.
• Experience with various industry regulations and frameworks (PCI, HIPAA, Privacy Laws, ISO27001/2, NIST CSF, etc.)
• Experience with GRC tools such as Service Now, Archer, etc.
• Experience developing, tracking, and reporting on KPIs/KRIs for reporting and status updates.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
• Strong verbal and written communication skills, with the ability to effectively communicate complex cybersecurity and IT issues to non-technical stakeholders.
• Experience in coordinating work across multiple functions and be adept at building consensus across organizational and functional lines.
• Strong analytical, including data mining, analysis, trending, problem solving and project management skills.
• Thorough understanding of cyber threats and vulnerabilities.
• Excellent leadership and team management skills.

Benefits

• Medical/Rx
• 401(k) with employer match after 1 year
• Critical illness insurance
• Accident insurance
• Dental insurance
• Vision insurance
• Life insurance
• Optional group life insurance
• Short-term and long-term disability protection
• Flexible spending accounts
• Paid time off