VP of Information Security
PTC - The Product Development Company - Needham, MA


The Vice President of Information Security (VP IS) will establish and lead an enterprise-wide information security and assurance function, with the objective of ensuring that security and compliance risks related to information systems and assets are identified and managed in accordance with external regulatory and legislative requirements while also meeting internal policy constraints. In addition, the VP IS will help set strategy for this function and will be accountable for the creation, implementation, and oversight of the global programs needed to achieve that objective.

Establish and lead global information security function:

· Provide leadership, vision, and management to establish a global enterprise information security and risk management function and put in place the appropriate capability and architecture across the organization.
· Lead programs and processes to monitor the emergence of new threats and vulnerabilities, assess impact, and drive responses as appropriate.
· Ensure that clear and timely business advice is provided to executive management on key information security and assurance issues.
· Ensure that information security and risk management is adequately represented on relevant business and governance forums and is known, well-integrated, and well-respected across the enterprise.
Key Program Responsibilities:

Information security oversight

· Build sound business relationships across the enterprise to enable a strong understanding of, and close alignment with, business needs, direction, and risk appetite.
· Manage the creation and production of timely, accurate, and informative business and IT metrics relating to information risk initiatives.
· Use these metrics to prioritize key initiatives and respond to negative trends.
· Create, manage, and deliver effective information security awareness training to PTC staff. Ensure that this training addresses key risk areas, offers insight into staff obligations under policies, and reflects current threats.
· Ensure that all IT and information security programs comply with applicable laws, regulations, and policies.
· Keep abreast of IT governance issues and seek executive attention to issues as required.
Information risk management

· Develop and maintain the information security risk management process to identify, quantify, catalog, and remedy information risk across the enterprise.
· Define, implement, and maintain the organization's global information risk management strategy, collaborating with appropriate business management leads and committees to get buy-in and build momentum.
· Oversee the maintenance of a global information security and risk management policy set, including standards and processes that fit the organization at all levels.
· Ensure the globalization of policies, reflecting local variations.
· Develop and manage the process for administering policy exceptions, ensuring that they are subject to appropriate controls both before and after approval.
· Ensure that strategic information security and risk guidance is provided to third-party suppliers in accordance with internal frameworks, and ensure compliance with required controls.
· Conduct information risk assessments across the enterprise at suitable intervals. Ensure that key risk issues are understood, communicated, and tracked on the risk register.
· Regularly verify that required information security and risk controls are in place, raising audit report findings as non-compliance items are found and driving improvement.
· Ensure that internal audit is supported in developing an annual strategic audit plan.
Security architecture and engineering

· Ensure ongoing analysis of information security threats, vulnerabilities, and market trends, and determine their potential impact on the organization's risk posture.
· Develop and maintain an effective information security architectural approach, ensuring that it is implemented in accordance with appropriate standards.
· Collaborate with those responsible for enterprise architecture to define information security architecture specifications, and ensure that information security architecture standards, policies, and procedures are available and applied consistently across application development projects and programs.
· Collaborate with application owners to understand the risk position around key business applications.
· Address perceived risk shortfalls as appropriate.
· Establish processes to respond in a timely and proactive manner to significant information security breaches.
· Respond appropriately to investigations and forensic requests, managing situations with discretion, sensitivity, and objectivity.
· Engage collaboratively with product development teams and business representatives to facilitate a globally standardized approach and governance structure designed to address information and product security.
Security operations

· Ensure the consistent application of security standards across the global technical infrastructure. Collaborate with the Operations teams to ensure they monitor, manage, and deploy security controls as appropriate to support business needs while minimizing risk.
· Oversee the close management and analysis of security information and events.
· Ensure that processes are in place and that staff are appropriately skilled to respond to security incidents.
· Lead the effort to maintain an effective and timely program to manage identity and access privileges.
Desired knowledge, skills and attributes:

· 10+ years of experience successfully leading comparable global information risk and security functions, with the knowledge needed to transform governance functions and change corporate culture.
· Extensive experience in information security architecture, consultative stakeholder management, and strategic planning.
· Deep understanding of the enterprise information security architecture discipline, its processes, concepts, best practices, and trends.
· Demonstrated ability to lead the response to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
· Demonstrated personal values aligned with the corporate values, providing a role model for the team.
· Energy and a clear passion for the role.
· Willingness to travel internationally, with experience dealing with different nationalities and cultures.
· Excellent written and verbal business English.
· Proven integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgment and maturity.
· A master's degree or a professional certification such as CISSP, CISM, CISA, CRISC, or other information security credentials is preferred.
· Knowledge of information security and risk control frameworks such as COBIT, ISO 2700x, ITIL, and ISO 31000 is preferred.
· Knowledge of business continuity and IT disaster recovery frameworks such as BS 25999 and BS 25777 is preferred.
· Experience in the enterprise software product development sector is preferred.

Basic Qualifications: Bachelor's degree
