Tenneco is one of the world's leading designers, manufacturers and marketers of automotive products for original equipment and aftermarket customers, with 2019 revenues of $17.5 billion and approximately 78,000 team members working at more than 300 sites worldwide.
Tenneco is looking for an Executive Director, Information Security. Reporting to the Vice President and Chief Information Security Officer (CISO), the Executive Director, Information Security is a member of the CISO senior leadership team, and serves a key role in the Company, working closely with senior administration, leaders, and employees. The Executive Director, Information Security is an advocate for Tenneco's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy, aligned with the company's privacy policies and objectives, to optimize the security posture of the company. The Executive Director, Information Security leads the development and implementation of a security program that leverages collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The Executive Director, Information Security also oversees the company's Identity and Access Management program. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the company level.
The team is ready to act immediately on those candidates who are the best fit for the role. You'll first hear from someone in Talent Acquisition to schedule a phone screen, and then the next step will be a personal interview with our Hiring Manager. We pride ourselves on moving through processes quickly, and you can be sure of transparency and prompt communication throughout.
RESPONSIBILITIES:
- Develops and implements a strategic, long-term information security strategy and roadmap to ensure that the company's information assets are adequately protected. Leads information security planning to establish an inclusive and comprehensive information security program for the company.
- Works with senior leaders across the organization to assess and communicate acceptable levels of risk. Provides guidance and counsel to the CISO and key members of the company's leadership on information security and IT risk matters.
- Identifies, evaluates, and reports on information security risks, practices, and projects to the company's leadership.
- Provides subject matter expertise on security standards and best practices (e.g. HIPAA, FERPA, PCI, FISMA/NIST, etc.).
- Works with company leadership, Office of Legal Counsel, and relevant compliance department leadership to build cohesive security and compliance programs for the company to effectively address statutory and regulatory requirements. Develops a strategy for cohesively dealing with audits, compliance checks, and external assessment processes for internal / external auditors, PCI, ITAR, HIPAA, FISMA/NIST, and other applicable standards.
- Leads the development of up-to-date information security policies, procedures, standards, and guidelines, and oversees their approval, dissemination, and maintenance.
- Provides executive guidance on strategies for managing vendor risk and other third-party risk.
- Leads the development, implementation, and administration of effective and reasonable security policies, practices, standards, and controls to mitigate risk, protect data, and ensure compliance with relevant laws, regulations, and contractual requirements. Provides technical leadership and executive leadership, direction, and guidance in assessing and evaluating information security risks and monitoring compliance with information security policies, standards, and controls.
- Examines impacts of new technologies on the company's overall information security and risk environment. Establishes processes to review implementation of new technologies to ensure security compliance.
- Develops, mentors, and manages a high performing staff of information security professionals.
- Acts as the champion for the enterprise information security program and fosters a security-aware culture.
- Oversees the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
- Partners with enterprise architecture, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
- Provides executive leadership for the intrusion detection and vulnerability management program, and reports to senior leadership on the results of the program.
- Develops organizational metrics to measure the effectiveness of the security management program, and increases the maturity of the program over time.
- Manages institution-wide information security governance processes, including liaising with schools, divisions, and departments, to support campus-wide information security programs and project priorities.
- Maintains strong working relationships between the Information Security organization and other IT teams to align information security practices throughout the company.
- Maintains an awareness and understanding of the current and emerging threat landscape, information security issues, and regulatory changes for higher education; advises relevant stakeholders on appropriate courses of action.
- Creates the strategy for security awareness programs and advises stakeholders at all levels on security issues, best practices, and vulnerabilities. Works with groups across the company to build awareness and a sense of common purpose around information security.
- Engages with external communities to develop knowledge and awareness on information security practices at peer organizations, to promote and increase inter-organizational ability to address common problems in information security, and to manage inter-organizational information security incidents.
- Liaises with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
- Engages in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Manages confidential investigations as requested by the appropriate authorities.
- Reviews hardware, software, and services being considered for purchase or implementation by IT Services and other campus departments to assess security issues (strengths/risks) and assure proper information security features are incorporated to support company business needs; provides security requirements to be included in an RFP for software and services.
Minimum: Bachelor's degree in computer science, engineering, or a related field.
Preferred: Graduate degree.
SKILLS & EXPERIENCE:
- Minimum 15 years of experience in information security and information technology assignments with progressively greater responsibility and authority.
- Minimum eight years of information security leadership and management responsibilities.
- Employment history in a large, decentralized organization.
- Background with contract and vendor negotiations.
- Oversee incident response planning and testing, the investigation of security breaches, and assist with any associated disciplinary, communications, public relations, and legal matters.
Certifications:
- Professional certifications, such as a CISSP, CISM, CISA.
- Broad knowledge of IT and IT security.
- Working knowledge with technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next gen mobile, network architecture, enterprise architecture, and directory services.
- Manage infrastructure and processes for incident detection and response, threat hunting, and offensive security (Red Team) testing, across a wide variety of on-premise and cloud environments.
- Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, and multi-factor authentication.
- Knowledge of and experience with key regulations affecting IT security, risk, and compliance.
- Demonstrated ability to assess IT risk, including risk to mission; to develop strategies, policies, and procedures; and to successfully implement these.
- Ability to travel up to 25% of the time.