CASY-MSCCN Jobs


Job Information

Greene Tweed Manager Cyber Security in Lansdale, Pennsylvania

At Greene, Tweed, you'll find the cutting-edge technology, world-class polymer expertise and endless advancement opportunities you'd expect from a multi-national industry leader. You'll find them all in an environment that embraces diversity in people and opinions, moves decision making to the point of impact, and celebrates your success.

If you enjoy continuous learning and are excited about working with and creating technological solutions, explore career opportunities with Greene, Tweed.

Essential Duties/Responsibilities:

  • Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals

  • Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas

  • Manages the budget for the information security function

  • Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization

  • Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations

  • Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines

  • Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of information security, and reviews it with stakeholders at the executive and board levels

  • Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable

  • Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings

  • Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines

  • Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk

  • Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation

  • Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action

  • Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter

  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas

  • By partnering with Legal, ensure compliance with data protection laws and regulations by contributing to the development and implementation of a data protection strategy that aligns with privacy goals

  • Act as the primary point of contact for all data privacy matters, including a data breach or other data incident, to ensure these are swiftly addressed

  • Vendor and Third-Party Risk Management: In partnership with Legal, ensure that DPAs (data processing agreements) are in place with all vendors so that they meet the organization's standards and compliance requirements

  • Compliance Monitoring: In conjunction with other relevant functions, act as a trusted partner in the reviewing and auditing of data protection practices within the organisation to identify, assess and mitigate risks and determine appropriate controls

  • Work with IT to ensure all appropriate controls are in place for the security of data

  • Privacy Impact Assessments: Conduct privacy impact assessments for all new projects, systems or processes that involve the processing of personal data

  • Liaise with the German Data Protection Officer to ensure compliance with requirements specific to Germany and with any outcomes from the periodic data privacy audit, in alignment with Works Council requirements

  • Data Access Requests: Manage all DSARs, facilitating the process of Data Subject Access Requests in alignment with GDPR requirements

  • Maintain a repository of data protection materials for easy accessibility and monitoring

Required Minimum Qualifications

  • Demonstrated experience and success in leadership roles in risk management, information security, and IT or OT security

  • Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework

  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies

  • Experience managing a global organization.

  • Understanding of privacy at a regional level

  • Extensive experience of GDPR and US Data Privacy

  • Up-to-date knowledge of methodologies and trends in both business

Education/Certifications:

  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience

  • Desired, but not required:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials

Skills and Experience:

  • Track record of competency in the field of information security and/or risk management, with three years of relevant experience including three years of leadership managing others.

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels

  • Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist

  • Project management skills: financial/budget management, scheduling and resource management

Job Environment:

Physical Requirements:

Standing: Occasionally (16-45%)

Sitting: Occasionally (16-45%)

Lifting: Up to 10 lbs without assistance

Carrying: Up to 10 lbs without assistance

Walking: Occasionally (16-45%)

Hearing: Ability to detect noises with or without corrective device(s)

Vision: Clarity of vision, with or without corrective lenses

Mental Requirements:

Problem Solving: Frequently (46-100%)

Making Decisions: Ability to make decisions that have a significant impact

Supervise: Frequently (46-100%)

Interpret Data: Frequently (46-100%)

Organize: Frequently (46-100%)

Read/Write: Frequently (46-100%)

Communication: Frequently (46-100%)

Work Environment:

High Temperatures: Rarely (0-15%)

Low Temperatures: Rarely (0-15%)

Noises: Moderate (business office with computers, printers and light office noises)

Fumes Exposure: Rarely (0-15%)

Note: This Job Description in no way states or implies that these are the only duties to be performed by the employee occupying this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by the Supervisor. All requirements are subject to change and updates.

The referenced salary range is based on the Company's good faith belief at the time of posting and any applicable collective bargaining agreements. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We also provide eligible employees with a competitive benefits package that includes health insurance, flexible spending accounts, health savings account, 401k savings plan, life and disability insurance, tuition assistance and more, to meet the diverse needs of all employees and their family members.

Equal Opportunity Employer:

Greene, Tweed is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, physical or mental disability, veteran status, or any other federally protected class.

Drug Free Workplace:

Greene, Tweed is a Drug Free Workplace. Employment is contingent upon successful completion of a pre-employment drug screening and background investigation subject to federal, state, and local laws.

NOTE: Greene, Tweed is not seeking assistance or accepting unsolicited resumes from search firms for employment opportunities, unless they have a written agreement for the position they are contacting us about. Regardless of past practice, all resumes submitted by search firms to any employee at GT without a valid written search agreement in place for that position will be deemed the sole property of Greene, Tweed, and no fee will be paid in the event the candidate is hired by Greene, Tweed as a result of the referral or through other means.
