Information Security Leader
Wilsonart Engineered Surfaces is a world-leading manufacturing and distribution organization that is driven by a mission to create innovative, high-performance surfaces that people love, with world-class service our customers can count on, and delivered by people all over the world who care.
Our company, with its Americas HQ in Temple, TX, and Global HQ in Austin, TX, manufactures and distributes High Pressure Laminate, Quartz, Solid Surface, Coordinated TFL and Edge-banding and other engineered surface options for use in furniture, office and retail spaces, countertops, worktops and other applications.
The Information Security Leader is responsible for the development, implementation, and continuous improvement of an organization-wide information security program which is designed to preserve the availability, integrity and confidentiality of company information resources in compliance with applicable security policies and standards.
The position consults and partners with internal technical staff and business leadership as well as each business unit to enforce and verify compliance with information security standards. This is a hands-on position responsible for developing enterprise-wide security programs; identifying, reporting and controlling incidents; managing, training and keeping information security awareness at the forefront of the organization; monitoring threats and taking preventative measures; and continuously communicating with the overall business organization. The Information Security Leader is a member of the Information Technology department, with global responsibilities. Additional responsibilities include:
- Provides organizational tactical and status reports on ongoing improvements to the overall IS Program, risk assessments, tests, and security control changes to the enterprise
- Manages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterprise
- Provides real-time analysis of immediate threats, and triage in the event of a security breach
Security Infrastructure Assessment, Implementation, Management and Maintenance
- Remains current on developments in the cyber-security industry including security alerts, bugs, zero-day issues, vulnerabilities, viruses, and malware, providing evaluation and recommendations depending on their potential impact to the Company
- Advises management and leadership of potential security risks associated with acquisitions or other major business projects/programs
- Advocates for, plans, purchases, implements, manages, maintains and reviews security hardware and software, and ensures IT and network infrastructure is designed according to information security best practices
- Works closely with IT and Vendor management teams in providing timely security reviews & assessments of potential technologies being considered by the organization
- Ensures information security initiatives operate efficiently and effectively.
- Performs activities and reviews projects/programs which minimize the risk of data loss or breaches (e.g. user access reviews, security patch management, SSO, etc.)
Data Loss, Fraud Prevention, & Awareness:
- Ensures information security program features are regularly tested throughout the year (e.g. pen-testing, phishing tests, etc.)
- Works closely with the Management team and Learning & Development to conduct Security Awareness training and ensures that Security Awareness training remains a current, positive training solution for employees
- Researches the most relevant and recent content and publishes monthly Cyber Security Newsletters, imparts training to parties/team members with high exposure, and conducts annual/bi-annual Cyber Security awareness programs.
Identity and Access Management:
- Ensures administrators and other privileged users have only the permissions they need at any given time
- Monitors the activity of administrators and privileged users
- Ensures access to restricted data and systems is only available to designated or authorized employees
Investigations and Forensics:
- Identifies root cause of all security breaches and provides a summary report to management and leadership
- Provides guidance and training to internal Company employees involved in a breach
- Implements tools, systems and/or technologies to mitigate the recurrence of an identified security breach
- Ensures compliance with Federal, State, and local laws, regulations, codes, and/or standards, globally
- Provides regular updates and/or responses to regulatory & internal assessments to: Supervisory Committee, Risk Management Committee, Compliance Committee, Senior Management and the Board as needed
- Directs security activities and assessments with key 3rd party security partners and develops the responses, the remediation, and ongoing adherence from those reports
- Ensures there are no repeat IS security related findings from regulatory and 3rd party exams (e.g. NCUA, 3rd party audits)
- Demonstrated knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment
- Demonstrated ability to integrate business needs and exceptional customer service with that of maintaining a strong security framework
- BA/BS in Computer Science or equivalent and at least 7 years of practical IS/IT work experience with direct knowledge surrounding enterprise security technologies such as SSO, Privileged Access Management systems, Next-gen firewalls, VPN, IPS/IDS, content filters, Endpoint Security systems, AV, and similar
- Experience utilizing common frameworks including FFIEC, NIST, ISO
- Formal certification in Information Security Management preferred (CISSP or equivalent)
- 5+ years technical experience in skills including Vendor Management, Information Security, IS Program Management, and/or Security Vendor Management
- Experience with managing small focused teams
- Advanced hands-on knowledge of information security principles and practices, including any of the following: NIST CSF, security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
- High level of knowledge in Windows, Linux, Network, and Cloud security.
- Excellent oral and written communication skills; ability to interact with internal and external stakeholders.
- Must demonstrate strong analytical, reasoning and problem-solving skills.
- Ability to carry a mobile device and provide off hours support as required.
- Ability to travel across all Company sites, domestic as well as international.
Discretion and Judgement:
- Employee will often set their own priorities based on general guidelines and direction.
- Employee must often compare alternative courses of action and make logical decisions.
- Employee must work well with ambiguity and tasks will not always be routine.
- Employee will have the authority and will be expected to make some decisions on their own, without direct guidance from supervisor.
- Minimum 5-7 years information security experience.
- CISSP, CISM, CCSP, or SSCP certification.
- Bachelor’s degree in Computer Science or similar; Master’s degree preferred.
Wilsonart is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.