Senior Information Security Policies and Awareness Leader

Company: Campbell Soup
Location: Camden
Posted on: January 15, 2021

Job Description:

Imagine...working for a company that knows that its people are the key to its success in the marketplace. A company in which achieving extraordinary results and having a stimulating work experience are part of the same process.We cultivate and embrace a diverse employee population. We recognize that people with diverse backgrounds, experiences and perspectives fuel our growth and enrich our global culture.We are looking for an individual who enjoys working in a fast-paced, team oriented environment, likes to be challenged, and values the opportunity to make a difference.The Senior Information Security Policies and Awareness Leader will be responsible for the development, review, implementation, and maintenance of the organization's guiding documentation and security/privacy awareness program. The individual will be responsible for executive communication including executive training for Crisis Management, and preparation of Audit Committee and Board Level presentations.This individual will also lead the development and publication of Key Performance Indicators that will be leveraged to identify trends within Information Security and Privacy; and to measure the effectiveness of the controls and progress against risk. They will ultimately reduce risk throughout the organization through by enabling employees, third parties (including Managed Services) and others to understand their responsibilities regarding information protection and privacyIn this role you will report directly to the head of Information Risk Management.Essential responsibilities will include but not be limited to:Create and maintain Global Information Security Policies, Procedures, Standards, Guidelines and KPI's (50%)

• Lead the security risk management program policy initiatives across the enterprise
• Ongoing analysis of the current state of policies based on changes to the environment, risk posture, regulatory requirements
• Develop policies that meet information or exceed industry standards while ensuring that they address the global nature of the environment including differences in regulations between states and governments, PCI and SOX compliance.
• Develop and Maintain the Crisis Management Procedures to be followed by Executives and Board Members in the event of Security or Privacy Breach.
• Manage distribution and training activities necessary to socialize the policies across the workforce and to third parties including employees within Managed Services.
• Partner with others in the department to establish and implement security and privacy controls that measure understanding and compliance to policy.
• Define metrics and other KPI's that will measure and evidence to internal parties, third parties, Executives/Board of Directors, Regulators that the policies, procedures etc. are being followed and effective at drawing down risk.
• Oversee review and alignment to other IT policies, Legal and H.R. policies that document expectations of employees including but not limited appropriate use of social media, protection of intellectual property.
• Engage third parties such as Corporate Executive Board to provide independent assessment of program.Develop and Manage Information Security and Privacy Awareness Campaigns and Training Programs (30%)
  • Research and identify top human risks to the organization and the behaviors that must change to mitigate those risks across the many environments including office, manufacturing and at the third-party managed service providers.
  • Develop, review, implement, and maintain a global security awareness and role-based training programs that are engaging, interactive and memorable in order to mitigate human risks
  • Partner with relevant business units to deliver awareness and training in order to appropriately protect Payment Cards, Personally Identifiable Information (PII) compliance requirements
  • Stay abreast of Information Security/Privacy process or policy changes within the organization so that proper proactive communications and training can be coordinated
  • Assess effectiveness of awareness and training using a metrics framework incorporating employee feedback
  • Create and provide role-based procedures/training to specific segments of the employee population (HR, Finance, Legal, etc.)
  • Develops Executive level presentations to educate and inform C-level Execs, Board Audit Committee, etc.
  • Ensure employees and third parties understand, and acknowledge policies as required such as on an annual basis, New Hire training etc.
  • Drive employee engagement and understanding using effective change manage techniques to elevate the risk management program beyond compliance of policies and towards adopting a security and privacy mindsetEstablishes departmental standards for communication of risk and change management (20%)
    • Develops the standards to be used by the department when preparing presentations, providing risk assessments, vendor reviews, vulnerability reports, communication of security and privacy incidents to ensure consistent and effective communication.
    • Reviews project plans for potential impacts to employees and third parties that will require changes in behavior, communication of a new process.
    • Lead change management efforts with partnership of project and change management team.
    • Assists with review and development of strategy to ensure that initiatives and value are clearly, effectively communicated.Job Complexity:
      • This position requires managing multiple, concurrent project and task assignments, placing proper priorities on tasks and attention to detail in order to follow through all assignments to completion.
      • Ability to document and explain risks and vulnerabilities to both business leaders and technical stakeholders.
      • Provide thought leadership and communications expertise in the development of policies, standards, procedures, and other communication for the department.
      • Establish key performance indicators for measuring success objectively in an area that is highly ambiguous and subject to interpretation
      • Provide exceptional communication skills with diverse audiences including the ability to present and address a Board of Directors.
      • Strong critical thinking and analytical skills including how to ensure that Company policies and awareness programs meet compliance standards and regulatory requirements.
      • Translate security and privacy controls so that they are actionable and enable risk-based decision making.We are looking for the following abilities and skills:Minimum education required: -------------- Bachelors of Arts or Science DegreeEducation desired:-- Master's Degree with Emphasis on Business and CommunicationsYears of relevant experience: ------------------ 8 + Years.-- Knowledge, skills, and abilities required:
        • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner.
        • An ability to effectively influence and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization.
        • An ability to communicate risks to employees outside Information Security in a way that consistently drives objective decisions about risk that optimize the trade-off between risk mitigation and business performance.
        • An ability to coordinate activities on behalf of Information Security with HR, Risk Management, and Compliance functions.
        • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
        • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
        • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.Skills required:
          • Extensive experience and expertise in security and privacy policy creation and lifecycle management.
          • Solid understanding of information security and privacy frameworks, policies, standard including IS027001, NIST 800-53, PCI, GDPR).
          • Experience building and running a cybersecurity awareness and training program including presentation to Executives and Boards of Director.
          • Excellent interpersonal skills, presentation skills and verbal/written communication skills.
          • An ability to effectively coach, influence and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization.
          • An ability to communicate risks to employees outside Information Security including at third parties in a way that consistently drives objective decisions about risk in order to optimize the trade-off between risk mitigation and business performance.
          • An ability to coordinate communication/change mgt activities on behalf of Information Security with HR, Legal Risk Management, and Communications functions.
          • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
          • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
          • Active in the information security and privacy industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies, and technologies.CSC1The Company is committed to providing equal opportunity for employees and applicants in all aspects of the employment relationship, without regard to race, color, sex, sexual orientation, gender identity, national origin, citizenship, marital status, veteran status, disability, age, religion or any other classification protected by law.In that regard, U.S. applicants and employees are protected from discrimination based on certain categories protected by Federal law. Click for additional information.

Keywords: Campbell Soup, Camden , Senior Information Security Policies and Awareness Leader, Accounting, Auditing , Camden, New Jersey