Chief Information Security Officer (CISO)
Avient Corporation
Job Summary
The Chief Information Security Officer (CISO) is responsible for leading and directing the global information security strategy, policy, and program for the organization. This role involves safeguarding the company's information assets, managing risks, and ensuring compliance with relevant regulations across all regions in which the company operates. The CISO will collaborate closely with the CIO, legal, privacy, and business leaders, as well as senior management, IT staff, internal and external auditors, and other stakeholders to update and enhance the existing security plan as business dynamics evolve.
This position also involves overseeing global security architecture, engineering, and operations; managing and maturing the Governance, Risk, and Compliance (GRC) team; organizing and leading the Executive Security Council; ensuring compliance with global regulatory requirements; and continuously improving the organization's security posture while maintaining financial and operational efficiency.
Essential Functions
Update and Implement Security Strategy: Refine and execute a global information security strategy that adapts to business dynamics and aligns with the organization's objectives and regulatory requirements across all regions, incorporating cybersecurity frameworks such as ISO 27001 and COBIT for IT-related risk and IT governance. Focus on improving the organization's overall security posture while balancing financial and operational efficiency.
Global Security Architecture and Engineering: Lead the development and implementation of global security architecture and engineering strategies to protect the organization's information assets. Oversee the design, deployment, and management of security technologies and controls worldwide, including cloud security, AI & ML security, and data privacy, ensuring solutions are both effective and cost-efficient.
Global Security Operations: Direct the global security operations to ensure effective monitoring, detection, response, and recovery from security incidents. Implement and oversee advanced security monitoring systems and tools across all regions, optimizing for both security and cost-effectiveness.
Oversight of Global GRC Team: Provide strategic oversight and management of the Governance, Risk, and Compliance (GRC) team, ensuring its maturation and alignment with the organization's global security objectives. Develop and enhance the GRC function to ensure effective governance, risk management, and compliance practices globally, while maintaining operational efficiency. Leverage metrics and share them with cybersecurity and senior leaders to support data-driven decisions.
Third-Party Risk Management: Formalize and mature the third-party risk management program by establishing a comprehensive framework to evaluate, monitor, and manage risks associated with third-party vendors and partners across all regions. Ensure ongoing risk assessments, compliance reviews, and continuous improvement of third-party security practices, with a focus on minimizing costs and maximizing security.
Regulatory Compliance: Manage and address compliance with NIS2 and other global regulatory requirements, including but not limited to GDPR, CCPA, and industry-specific standards. Oversee efforts to achieve and maintain CTPAT certification and any other relevant certifications globally, while ensuring efficient use of resources.
Policy and Compliance: Maintain, enforce, and update global information security policies, standards, and procedures to ensure compliance with current laws, regulations, and industry standards in all regions. Strive for policies that enhance security while promoting operational and financial efficiency.
Incident Response: Lead the global incident response team in identifying, investigating, and responding to security breaches and incidents.