Director - Cyber Security - 2261 in Houston, TX at Westlake Chemical

Date Posted: 9/1/2017

Job Description

The Chief Information Security Officer (CISO) manages information & cyber security risk management for the organization. The CISO is responsible for actively managing cyber threats as they occur and for developing a strategy to ensure systems are not compromised and that damage from a cyber breach is minimized. The scope of the job covers information & cyber security matters for both Information Technology (IT) and Manufacturing Operational Technology (OT) environments. The CISO is responsible for developing and implementing enterprise security and risk policies, monitoring vendor risks, and influencing user behavior. Other responsibilities include physical security, business continuity planning, crisis management, compliance with US and international data privacy regulations, and cyber security operations & compliance.

Duties and Responsibilities:

  • Develops and maintains cyber security policy, standards, processes and procedures to assess, monitor, report and remediate cyber security & control risk and compliance related issues
  • Monitors regulatory & internal compliance with enterprise security policies and educates sponsors & IT leadership on compliance efforts.
  • Manages a 24x7 security incident response service to address security incidents, intrusion detection alerts and other alerts from infrastructure and IT teams.
  • Assesses risk of new and existing vendors, applications and technology and identifies appropriate policies and controls to mitigate risk.
  • Conducts risk assessments, vulnerability assessments and network penetration tests to identify security deficiencies or problems. Works with stakeholders to develop and implement appropriate controls to mitigate risk.
  • Coordinates business continuity planning efforts across business units and the Information Technology services organization
  • Works collaboratively with internal audit, IT and business functions to manage and maintain internal and external IT security audits and Compliance Requirements. Establishes the standards that will drive control objectives with regular review for compliance, ensuring effective change and risk management controls.
  • Responsible for raising overall company awareness of cyber security risk. Creates an information security awareness program, communication tools and campaigns to maximize organization cyber security awareness. Manages the communications of Cyber Security related matters.
  • Provides IT Security Briefings & information regarding new risks, threats, trends and laws periodically to the Cyber Security Steering Committee and Westlake’s executive leadership.
  • Chairs a Cyber Security Committee that brings together key security and risk stakeholders to develop and review enterprise risk management strategies and security governance charter
  • Sets usage and security policies for data classification and information sharing on internal and external platforms. Manages a cross functional Data Classification team to identify, prioritize and classify data as required by risk assessment, privacy laws and contractual obligations. Develops methods to maintain appropriate controls, policies and practices to protect restricted and confidential data.
  • Leads IT security efforts to maintain and/or develop security and controls during M&A.
  • Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
  • Develops policies and implements procedures to maintain, measure and improve Westlake compliance with new and existing standards and regulations including protection of employee / health care data (HIPAA), Governance, Risk and Compliance (GRC) and security related rules of Sarbanes Oxley (SOX), and the NIST 800 Data Security Standard.
  • Coordinates IT resources and leads IT efforts and projects to support the Law department with Litigation Hold Orders (LHOs), Electronic Discovery of Evidence and Records Management. Provides expert testimony on IT architecture, business systems, IT products and data storage as required by the Federal Rules of Civil Procedure. Provides both the Law department and outside counsel with information and data regarding Information Technology as required for litigation.
  • Directs and executes IT Security investigations for HR, Law and Audit/Finance. Serves as the primary IT contact when investigations involve government agencies (FBI, Dept of Justice) and local law enforcement.

Required Skills:

  • Expert in policy formulation, information security management, and business risk management in both IT and OT
  • Experienced in dealing with and responding to cyber breaches
  • Motivates and manages a cyber security team of IT staff supporting the organization's goals and leads the process of developing an IT cyber security vision for the future
  • Fosters and builds a collaborative working relationship with various stakeholders
  • Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management
  • Working knowledge of IT financial management and IT audit

Education and Experience:

  • Bachelor’s Degree in a Technical Field.  An advanced degree (e.g., MBA) or experience in business is preferred
  • At least ten years in IT Security Function with experience in both IT and OT
  • More than five years of professional experience in leading the information security office analyzing and applying information security risk, risk management, and privacy practices or equivalent leadership/supervision directing an IT or business function