DIRECTOR, INFORMATION SECURITY

Job Overview

Location
Washington, D.C., Washington, D.C.
Job Type
Full Time Job
Job ID
104817
Date Posted
11 months ago
Recruiter
Clara Konk
Job Views
261

Job Description

Key Responsibilities: 

  • Drive all efforts to elevate Crown’s security posture not only to meet the legal and regulatory requirements but also to satisfy the high bar we have for protecting our information systems, data, and employees. 
  • Work with global stakeholders at all levels across the company to understand business processes and lead the development of security controls aligned with these processes.
  • Break new ground by leading, developing, and implementing a comprehensive global security program: oversee information security governance and security incident response; identify the business risks most relevant to the company; advise the CISO and other senior security leaders on information security strategy and resource investments; create appropriate policies; implement effective practices for security awareness; and identify, evaluate and report on information security risks in a manner that meets business, compliance and regulatory requirements.
  • The position requires a leadership approach that is engaging, collaborative and business driven, with a strong ability to work with peers and executive leaders to strike the best balance among business, security, IT and Engineering priorities.
  • Provide leadership, technical/strategic direction to regional information security leaders.  Develop critical relationships with IT and functional organizations.   
  • Define metrics and reporting strategies that effectively communicate successes and progress of the security program to executive leadership. 
  • Serve as Crown Security Incident Manager; supervise and lead security events and investigations, and participate in problem and change management forums.
  • Invoke Crown security incident response plan and facilitate the reporting and remediation, when necessary.
  • Direct activities of threat and vulnerability management, information security operations, and identification of risk tolerances, recommended treatment plans and communication on residual risk.
  • Lead all internal and external cybersecurity assessment activities as well as external audits. 
  • Assist in engagements with regulatory bodies, customers, and partners on information security matters.
  • Review, approve, develop, and train on information protection policies and procedures. Ensure deployment of effective training across the company, robust security operations, and compliance with those policies and procedures.

 

Job Requirements

Minimum Requirements

  • Bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is a plus
  • Minimum of 10 years of IT experience, with 8 years in an information security role
  • Strong leadership skills and the ability to work effectively with IT leadership teams, IT Infrastructure, and Engineering management
  • CISSP and/or CISM certifications
  • Proven experience with business impact and risk assessments, information security audits of IT infrastructure, software systems and cloud-based security operations.
  • Experience driving or overseeing application security reviews, penetration testing and vulnerability management activities.
  • Knowledge and understanding of information security frameworks and standards such as NIST and ISO 27001.
  • Proven experience successfully leading high-growth organizations through standard security and compliance certifications.
  • Experience with developing and operating security monitoring and incident response programs and relevant tools (SIEM).
  • Experience in securing public cloud environments (such as AWS, GCP or Azure) and modern, cloud-native software stacks via threat modeling, ‘defense-in-depth’ architectures, and application security best practices.

Nice to Haves:

  • Experience with Zero Trust Architecture
  • Familiarity with applicable legal and regulatory requirements – SOX, HIPAA, GDPR etc.
  • Strong project management skills and experience in managing project plans, including budgeting and resource allocation.
