Director, Information Security
New York, NY (hybrid)
COTY is looking for smart leaders who are tenacious, passionate, and fearlessly kind.
Job Description
The Global Director of Information Security and Risk Management is responsible for establishing and maintaining corporate wide information security and risk management programs to ensure that information assets are adequately protected. This position will lead the global Information Security program and is responsible for identifying, evaluating, and reporting on security risks as well as owning and driving the enterprise-wide Cybersecurity program. This position requires a visionary leader with strong skills in technology, security, and risk management. The director will proactively work with Coty Information Technology teams and business units to implement practices that meet defined policies and standards for information security.
The Global Director of Information Security and Risk Management serves as the process owner of all ongoing activities related to the integrity and confidentiality of customer, business partner, employee, and business information, as well as compliance with the organization's information security policies. A key element of this role is working with executive management to determine acceptable levels of risk for the organization. He or she must be highly knowledgeable about the business environment and must ensure that information system controls are maintained in a fully functional, secure mode.
The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, an effective consultant and should possess solid domain competency in the field of information security by having 8 to 10 years of direct experience in this significant leadership role.
Responsibilities Include, but are not limited to:
Develop, implement, and monitor strategic, comprehensive enterprise information security and risk management programs to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by Coty.
Manage the enterprise's security organization, consisting of direct reports and indirect reports (such as individuals in risk management roles), including hiring, training, staff development, performance management and annual compensation review.
Develop, communicate, and ensure compliance with Coty's information security policies and standards.
Develop and manage information security budgets and monitor them for variances.
Work directly with the business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification, protection and security issue resolution.
Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27001/2, the NIST Cybersecurity Framework, or the CIS Top 20.
Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls during Architectural Review Boards.
Liaise with the IT Business Facing Team to ensure alignment between the security and enterprise solution designers, thus coordinating the strategic planning implicit in projects.
Lead information security and risk management projects with staff from the IT organization and business unit teams.
Lead the organization through testing and execution of effective incident response procedures.
Ensure that security programs are in compliance with applicable laws, regulations, and policies to minimize or eliminate risk and audit findings, specifically SOX, PCI-DSS, and GDPR.
Liaise between the information security team and corporate compliance, audit, legal and HR management teams as required.
Create and facilitate an effective information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings.
Manage security incidents and events to protect Coty's corporate information assets, including intellectual property, fixed assets, and the company's reputation.
Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
Develop business-relevant metrics to measure the efficiency and effectiveness of the security and risk management programs, facilitate appropriate resource allocation and increase the maturity of these programs.
Facilitate business alignment and communications by forming an information security and/or risk management steering committee or advisory board.
Requirements and Qualifications
Minimum of 8 to 10 years of experience in a combination of risk management, information security, and cybersecurity.
Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Must be a critical thinker with strong problem-solving skills.
Knowledge of technological trends and developments in the area of information security and risk management.
Project management skills; financial/budget management, scheduling and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Master's Degree in Information Assurance, Information Security or an appropriate Business Administration field, or equivalent work or education related experience.
Professional certifications in information security or risk management, such as CISSP, CISM, or CRISC.
Past experience in implementing key information security technologies such as SIEM, IDS/IPS, identity and access management (IDAM), MSSPs, threat intelligence, etc.
Demonstrated leadership of Security Operations Centers.
Knowledge of security and control frameworks, such as ISO 27001/2, the NIST Cybersecurity Framework, CIS Top 20, COBIT, COSO and ITIL.
Experience with contract and vendor negotiations.
At least 5 years of experience leading direct staff.
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
High degree of initiative, dependability, and ability to work with little supervision.
ABOUT US
Our people make us who we are. They are the brightest minds bringing the boldest ideas to life every day. If you're the kind of person who refuses to settle, if you want to think bigger, learn faster and go further than you ever thought possible - we'd love to hear from you.
Coty is deeply committed to Changing the Conversation around Diversity, Equity & Inclusion in an effort to create a more open, inclusive, and diverse workplace where all employees can be their authentic self.
EQUAL EMPLOYMENT OPPORTUNITIES
We offer equal employment opportunity to qualified individuals without regard to race, religion, color, national origin, age, gender, disability, sexual orientation, gender identity, gender expression, marital status, veteran status, or any other characteristic protected by law. Coty complies with federal and state disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact [email protected] . We strongly believe that cultivating a diverse workplace gives a company strength. The combination of unique skills, abilities, experiences and backgrounds creates an environment that produces extraordinary results. EOE Minorities/Females/Protected Veterans/Disabled.
Base Salary Range: $190,000-$210,000 + bonus