PolyOne
Chief Information Security Officer (CISO)
PolyOne, Avon Lake, Ohio, United States, 44012
Job Summary
The Chief Information Security Officer (CISO) is responsible for leading and directing the global information security strategy, policy, and program for the organization. This role involves safeguarding the company's information assets, managing risks, and ensuring compliance with relevant regulations across all regions in which the company operates. The CISO will collaborate closely with the CIO, legal, privacy, and business leaders, as well as senior management, IT staff, internal and external auditors, and other stakeholders to update and enhance the existing security plan based on evolving business dynamics.
This position also involves overseeing global security architecture, engineering, and operations; managing and maturing the Governance, Risk, and Compliance (GRC) team; organizing and leading the Executive Security Council; ensuring compliance with global regulatory requirements; and continuously improving the organization's security posture while maintaining financial and operational efficiency.
Essential Functions
Update and Implement Security Strategy: Refine and execute a global information security strategy that adapts to business dynamics and aligns with the organization's objectives and regulatory requirements across all regions, incorporating cybersecurity frameworks such as ISO 27001 and COBIT for IT-related risks and IT governance.
Global Security Architecture and Engineering: Lead the development and implementation of global security architecture and engineering strategies to protect the organization's information assets.
Global Security Operations: Direct the global security operations to ensure effective monitoring, detection, response, and recovery from security incidents.
Oversight of Global GRC Team: Provide strategic oversight and management of the Governance, Risk, and Compliance (GRC) team.
Third-Party Risk Management: Formalize and mature the third-party risk management program.
Regulatory Compliance: Manage and address compliance with NIS2 and other global regulatory requirements.
Policy and Compliance: Maintain, enforce, and update global information security policies, standards, and procedures.
Incident Response: Lead the global incident response team in identifying, investigating, and responding to security breaches and incidents.
Executive Security Council: Organize and lead the Executive Security Council.
Security Metrics and Reporting: Oversee and enhance global security monitoring systems.
Security Awareness: Foster a culture of security awareness across the global organization.
Collaboration: Collaborate closely with IT, legal, privacy, compliance, and business units.
Auditor Collaboration: Work closely with internal and external auditors.
Monitoring and Reporting: Oversee and enhance global security monitoring systems.
Budget Management: Develop and manage the global information security budget.
Vendor Management: Evaluate and manage relationships with global security vendors and service providers.
Other duties as assigned.
Education and Experience
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master's degree or relevant certifications (e.g., CISSP, CISM, CISA) is preferred.
A minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
Technical Skills: In-depth knowledge of information security principles, practices, and technologies.
Leadership: Proven ability to lead and manage a diverse, global team of security professionals.
GRC Oversight: Demonstrated experience in overseeing and maturing a Governance, Risk, and Compliance (GRC) function.
Collaboration: Demonstrated experience in working closely with legal, privacy, business leaders, and internal and external auditors.
Executive Council Leadership: Experience organizing and leading cross-functional executive committees or councils.
Regulatory Compliance: Experience managing compliance with NIS2, GDPR, CCPA, and other global regulatory requirements.
Third-Party Risk Management: Proven experience in developing, implementing, and maturing a third-party risk management program.
Communication: Excellent verbal and written communication skills.
Analytical Skills: Strong analytical and critical thinking abilities.
Ethical Standards: High level of integrity and ethical standards in managing sensitive information.
Environmental, Health, Safety, & Security (EHS&S) Requirements
Avient integrates EHS&S into all aspects of our operations. Each position at Avient is responsible for complying with all applicable EHS&S requirements.
Who We Are
Avient Corporation provides specialized and sustainable material solutions that transform customer challenges into opportunities. For more information, visit www.avient.com.
Why Avient
Avient Corporation is a world-class sustainable organization built on innovation, collaboration, and employee development. We believe diversity of ideas and backgrounds gives us the creativity to be successful in a rapidly changing world. Avient Corporation is a drug-free workplace and an equal opportunity employer.