Global Security and Compliance Head

-Position Summary

The Global Security and Compliance Head is responsible for implementing and overseeing the Group's information security program. This includes identifying, evaluating, mitigating, and reporting on risks related to legal, regulatory, IT, and cybersecurity matters affecting information assets, while supporting and advancing business objectives.

The Global Security and Compliance Head is a strategic and visionary leader with expertise in both business management and cybersecurity technologies. This role spans the protection of the corporate network as well as the broader digital ecosystem across sales and manufacturing operations. Responsibilities include establishing and maintaining the information security program to ensure that information assets, technologies, applications, systems, infrastructure, and manufacturing processes are adequately protected.

A key element of the role is to collaborate with executive management to define acceptable risk levelsfor the organization. The role will proactively engage with business units to implement practices aligned with agreed policies and standards for information security.

The Global Security and Compliance Head also requires strong knowledge of both internal and external business environments to ensure thatinformation systems maintain secure, resilient, and operational, while maintaining compliance with applicable legal, regulatory, and contractual requirements.

-Essential Job Duties

• Directs and provides a strategic risk management vision that scales globally to secure the business while enabling innovation and execution.
• Drives a strong security culture within the security department as well as organization-wide acrossmanagement and employees.
• Influences internal and external stakeholders and provides best practice guidance based on the evolving threat landscape to safeguard intellectual property and ensure compliance.
• Defines key performance indicators and metrics aligned with business initiatives and communicates them effectively to non-technical audiences.
• Frequently engages with business groups to understand their plans, risk posture, and tolerance, and to demonstrate how information security can enable them to achieve their strategic objectives and obligations.
• Plays a key role in disaster recovery and business continuity planning and execution.
• Works closely with the Chief Information Officer and Chief Compliance Officer to safeguard virtual and physical assets and to ensure sufficient budget allocation.
• Analyzes opportunities for advancing security technologies to establish effective solutions that prevent and detect advanced threats across company networks and systems.
• Reports regularly to senior management, keeping them informed of the evolving threat landscape as well as the tacticalcontrols and strategic plans to strengthen organizational resilience.
• Oversees and ensures independent verification and validation testing of company networks and sensitive programs, leveraging both internal teams and external consultants.
• Optimizes and secures cloud infrastructure and applications that support a globally dispersed remoteworkforce.
• Oversees periodic security awareness training for all employees and allocates budget for security training of technical staff.
• Oversee global security compliance programs, including TISAX certification for all manufacturing sites and compliance with other industry-specific security standards.
• Ensures adherence to relevant laws and regulations including GDPR, NIST, CMMC, and ISO 27001.

-Skills and Experience

• 10+ years' management experience, with 5-8+ years' technical hands-on security, audit, and riskmanagement practitioner experience. Thorough knowledge of Microsoft Security and Compliance solutions is highly preferred.
• Strong English written and oral communication skills across varying levels of the organization.
• Solid understanding of both IT and OT security environments, including their unique risks and control requirements
• Highly focused on building and implementing a strong, cohesive team and security culture.
• Proven experience in a global enterprise environment is required.

-Education Requirements

• Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field is required; a master's degree or higher is preferred.

-Certification Requirements

• CISSP or CISM strongly preferred; ISSMP or CCISO considered a plus.