Director, Information Security Architecture

It’s an exciting time to join International Flavors & Fragrances’ (IFF) Information Security Team in Union Beach, NJ.  As Director, Information Security Architecture, you will oversee Information Security architectural designs, processes, and technologies.

Reporting into the Chief Information Security Officer (CISO), you will oversee the design, build, and deployment of a next-generation multi-pronged Information Security and network defense capability. You will be accountable for establishing an enterprise Information Security stance through policy, architecture, and training processes. You will enable the selection of appropriate Information Security solutions and will provide oversight of any vulnerability audits and assessments.  You will have the opportunity to have a significant impact by interfacing with peers in Information Technology and with business leaders to both share the enterprise Information Security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.

To be successful in this role you must have significant experience in Information Security Architecture Strategy/Planning and Technology Innovation/Acquisition.  You will be expected to demonstrate strong strategic agility, business acumen, creative thinking, stakeholder management, collaboration tendencies, and influence skills.

 

• Ensuring the planning, development, implementation, and maintenance of the enterprise’s Information Security architecture.


• Ensuring the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories.


• Determining Information Security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, studying architectures/platforms, identifying integration issues, and preparing cost estimates.


• Planning for Information Security systems by evaluating network and security technologies, developing requirements for Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), routers, firewalls, and other Information Security devices, and designing Public Key Infrastructures (PKIs).


• Leading and/or contributing to the creation and maintenance of the enterprise’s Information Security documents (policies, standards, guidelines and procedures). Ensuring enforcement of these enterprise Information Security documents.


• Supervising the design and execution of vulnerability assessments, penetration tests, and security audits.


• Performing assessments of Information Security programs and making strategic recommendations and priority recommendations related to improvements.


• Preparing for, and potentially presenting at, the Information Security Steering Committee, Executive Committee, and Board of Directors meetings.


• Preparing senior-level technical reports for executive management.


• Engaging in ongoing communications with peers in Information Technology and the various business groups to ensure enterprise wide understanding of Information Security goals, to solicit feedback and to foster cooperation.


• Managing relationships with third party service providers, including negotiation of contract language and evaluation of third-party risk related to privacy and Information Security practices.


• Ensuring a robust governance process for deploying information security technologies and processes, including integration of legal, regulatory, and local organizational requirements.


• Preparing financial forecasts and budgets for Information Security technologies and processes.


• Maintaining up-to-date knowledge of the Information Security industry, including awareness of innovative information security solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations.
  
   

• Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and security and compliance practice on a global level.


• A demonstrated ability to integrate various information security, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk.
  
   

• Demonstrated experience in enterprise solutions and implementation of technology and process solutions to reduce the potential risk of data compromise and network viability.


• Significant experience in information and/or network security, including hands on experience in security systems (e.g. firewalls, intrusion detection systems, endpoint software, authentication systems, log management, content filtering, etc.).


• Proven working experience in building and maintaining security and network infrastructure


• Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale.


• Infrastructure security experience; including the ability to perform technical third-party risk assessments and knowledge of datacenter and Cloud infrastructure and application security design.


• 10+ years of demonstrated Information Security experience.


• Preferred: Bachelor’s and/or Master’s degree in Information Security, Computer Science, Engineering, Technology or a related technical field.


• Preferred: CISSP or similar information security certificate (e.g. CRISC, CISA, CEH, CISM).


• Preferred: Experience in pharmaceuticals, manufacturing, or other regulated industries.
  
   

• DRIVE INNOVATION. Generate new/unique solutions and embrace new ideas that further secure our business.


• OWN. Deliver results, creating value for our Brands, our Systems, our customers, and our key stakeholders.


• INSPIRE OTHERS. Inspire people to deliver our mission and vision, demonstrate passion, and enable our customers to believe in our vision too.


• COLLABORATE. Enhance Information Security team accomplishments and competency by supporting/mentoring less experienced team members, teaching improved processes, and managing engineers, outsource vendors, partners, auditors, and other persons tasked with maintaining Information Security.