Nouryon has an outstanding opportunity for an Information Security Manager in Houston, TX.
Nouryon’s Information Management (IM) function is a global organization that supports all businesses, functions and country organizations. Our mission is to provide fit-for-purpose and effective IT services to help exceed our company ambition and grow talent and capabilities within the organization. Central to our success is a sophisticated strategy and structure, delivered via a diverse and flat organizational structure that enables an agile and flexible approach.
As Information Security Manager, you combine your technical expertise and strategic thinking, and translate these into innovative strategic, technological and operational solutions that effectively mitigate Nouryon-wide cyber risk to an acceptable level.
Key responsibilities include:
- Portfolio Management of the IM-related Cyber Portfolio.
  - Act as Information Manager towards the Office of the CISO and translate the Cyber Program into IM-related demand/projects.
- Program Management of the IM-related Cyber projects.
  - Act as Program Manager for the implementation of IM Cyber-related projects.
- Define IM standards, policies, procedures and controls within the Cyber domain.
  - Create, maintain and implement the IM-related cyber security framework, including policies, standards, procedures and controls (embedded within the IM Operating Model).
- Assess and manage the IM cyber risks.
  - Actively manage IM cyber risks.
  - Drive and monitor remediation actions.
- Contribute to the continuous employee cyber security awareness program.
  - Awareness programs will be executed by the Office of the CISO.
  - Facilitate the awareness creation within the IM organization.
  - Create the right IM services to support the awareness program.
- Monitor and report on compliance with IM cyber security controls and track improvements.
  - Take part in the compliance monitoring process to ensure monitoring of cyber security controls.
  - Track improvements related to cyber security with relevant action owners.
  - Drive projects to make improvements.
  - Report status on the basis of KPIs to stakeholders (like IM and CISO).
- Detection, response and recovery from cyber security incidents.
  - Be an active member in case of major incidents.
  - Support the cyber security incident management process.
  - Manage the relationship with the SOC (managed service).
  - Define and report on relevant KPIs.
- Support the creation of the Security Architecture.
  - Support the Enterprise Architects in creating the Enterprise Architecture for the Cyber domain.
- Support specific cyber security-related investigations requested by the Office of the CISO.
- Master’s degree in business management, computer science, computer engineering, mathematics or a related field of study;
- Eight to ten years of work experience in IT, including a number of years in IT Security (e.g., CISM or CISSP)
- Experience defining policies and control frameworks (NIST CSF, ISO27001, COBIT)
- Experience managing cyber security risks.
- Experience managing processes including security incident management
- Experience working with suppliers including outsourced SOC providers
- Broad knowledge of IT Governance and Information Security issues (e.g. COBIT, ISO27001)
- Broad and deep knowledge of the relevant technical aspects of information security
- Highly experienced with applicable IT Governance frameworks and market standards.
- Knowledge of cyber security in the process industry (OT / ICS) and relevant standards like IEC 62443
- Knowledge of the business processes in the manufacturing industry/IT
- Experience in explaining relevant issues to non-information security specialists
- Experience with change management
- Experience with managing programs.
- Experience running security awareness programs
- Experience with managing teams of experts (directly/indirectly)
- Experience with driving change and transformation, managing large projects (agile & waterfall), managing teams of experts (directly/indirectly)
- Excellent communication, persuasion and presentation skills. Ability to communicate effectively on leadership level and to technical teams.
- A drive to innovate and continuously improve.
- Fluent in English, both verbal and in writing