Sr. Director, Cybersecurity Operations & Deputy CISO

Sr. Director Cybersecurity Operations & Deputy CISO

At Nouryon our global team of Changemakers takes positive action every day to reach higher collectively and individually. We create innovative and sustainable solutions for our customers to answer societys needs today and in the future.

We are looking for team members who bring ideas forward champion others and work together to do better. Does that sound like you

In your future role as Sr. Director Cybersecurity Operations & Deputy CISO you will

The Deputy Chief Information Security Officer (Deputy CISO) is responsible for supporting the Chief Information Security Officer (CISO) in the development and implementation of the organizations cybersecurity strategy. This role is crucial for safeguarding the companys global Enterprise and Operational Technology (OT) Assets.

The Deputy CISO is accountable to help shape and execute the global cybersecurity strategy ensuring alignment with corporate objectives and operational needs. This includes directing efforts to improve and mature existing capabilities as well as creating new capabilities across all cybersecurity domains. The Deputy CISO is an executive with multi-level leadership responsibilities accountable to the CISO and indirectly the Cybersecurity Steering Committee. This is an operational Deputy CISO role with responsibilities across multiple functions programs projects and initiatives that will change over time to provide exposure to all areas of the Nouryon Cybersecurity Program.

Cybersecurity Leadership:

• Support the CISO in developing strategic objectives

• Assess and recommend enhancements for all environments programs solutions tools and control areas

• Develop and execute operations plans to action strategic objectives

• Implement processes to formalize and mature cybersecurity functions

• Support operating plan development to justify resource allocation and deliver value

• Sync efforts with peer leaders throughout the company to ensure security is adequately baked into every technical project and initiative

Cybersecurity Engineering & Architecture:

• Define cybersecurity requirements that meet the needs of the company and align with the applicable policies frameworks and regulatory mandates

• Select procure onboard and maintain all cybersecurity tooling aligned to best practices meeting internal requirements and adhering to resource limitations

• Approve changes to technical environments recommending and driving mitigations where needed to meet requirements

• Assess cybersecurity risks according to the provided frameworks quantifying scores and proposing treatment options

• Assess IT and OT tools for cybersecurity alignment

• Develop reference architectures and working with IT and OT technologists to ensure security requirements are sustained

• Run improvement programs and projects across IT & OT

Cybersecurity Operations:

• Assess identify opportunities propose improvements and execute action plans to mature functions across all areas of attack surface management including SOC Threat Intelligence and Vulnerability Management

• Improve cybersecurity incident management from incident detection to containment eradication and lessons learnedincluding real-world incidents with a wide range of attack vectors and technological complexities

• Improve performance metrics

• Formalize the domains of security operations including work intake & technical processes

GRC:

• Foster cybersecurity fusion across CISO Office functions

• Develop policies standards plans and playbooks that govern IT and OT security

• Improve Risk Assessment and Risk Management

• Ensure adherence with cybersecurity regulations throughout all regions and global operating theatres

• Formalize the internal cybersecurity compliance program and external audit response

We believe you bring

• Bachelors degree or equivalent business experience in Computer Science Business Management etc.

• Cybersecurity certifications such as CISSP CISM and SANS Certifications

• Project management program management lean six sigma

• Knowledge of NIST ISO standards and frameworks like COBIT and ISO/IEC 27001 / 27002

20 years of experience in cybersecurity with demonstrable success in all of the following domains:

• Cybersecurity engineering & architecture: OS hardening; engineering and sustaining cybersecurity solutions to deliver business value and manage risks at the right level; approving IT and OT technical changes from a cybersecurity perspective; supporting development of standards procedures and playbooks to establish cybersecurity requirements that meet the objectives set by cybersecurity policy.

• Security Operations: operate and mature all SOC functions including continuous monitoring detection engineering Security Information & Event Management (SIEM) solutions threat hunting and efforts to fuse vital cybersecurity functions; event/incident management.

• All aspects of cloud security across multiple providers and environments including SaaS PaaS and IaaS; DevSecOps; infrastructure as code containers cloud-specialized security solutions

• Modern and emerging threats such as those posed by AI ML and quantum computing

• OT Cybersecurity

• Highly regulated environments

• Governance Risk and Compliance

• Threat & Vulnerability Management

• Identity & Access Management

• Technical Cybersecurity Solutioning: requirements development vendor selection procurement onboarding technical implementation support model creation and all sustain efforts; cybersecurity controls design and implementation; building and executing vendor accountability mechanisms; executing proofs of concept; identifying needed improvements to manage emerging threats or evolving company dynamics; developing selection criteria

• Business continuity

• Application security

• Cybersecurity leadership from front line management through executive responsibilities

• Global operations

Great if you have

• Ability to manage and motivate team members

• Self-motivated and drive for result

• Training capabilities

• Good communication writing and listing skills with security team suppliers and colleagues at all levels in the organization

• Demonstrate professionalism and integrity

• Innovation and continuous improvement

We believe you are a team member who has

Leadership Skills:

• Strong leadership skills including first- and second-level management

• Cross-functional leadership in matrixed teams

• Budgetary skills

Technical Skills:

• Knowledge of cybersecurity programs solutions threats and controls

• Familiarity with industry standards and frameworks such as ISO 27001 NIST COBIT etc.

• In-depth understanding of IT infrastructure operating systems networking architecture and cloud Skilled at building relationships and gaining buy-in for security initiatives across all levels of the organization.

• Proficient with MS Office project management software and GRC tools

Analytical Skills:

• Strong ability to evaluate technologies and system configurations assess and mitigate risk and analyze complex security issues and provide realistic solutions

Communication Skills:

• Excellent communication abilities both written and verbal to effectively explain complex cybersecurity concepts to various audiences including technical and non-technical staff management and external stakeholders

Organizational Skills:

• Ability to prioritize tasks manage projects and lead teams in a dynamic business environment

Interpersonal Skills:

Good to know

This is a permanent position on a full-time basis reporting to the CISO Steve Applegate who is located in Houston TX - USA.

Please apply via our online recruitment system. We will not accept applications via e-mail. Once its with us we will review to see if we have a match between your skills and the role! For more information about our hiring process visit: look forward to receiving your application!

We kindly ask our internal candidates to apply with your Nouryon email via Success Factors.

We encourage you as a valued Nouryon employee to share talents from your network to help us to bring in new Changemakers through our new Employee Referral Program! Bringing in new skilled people with a great mindset is beneficial for both you and Nouryon. All info you need to make a referral is here. Join us in growing Nouryon!