T&T-Cyber-Strategy & Transformation- Manager

Bengaluru, IN

Deloitte

Insights into our services in Audit, Consulting, Financial Advisory, Risk Advisory and Tax, as well as our numerous industries.


Responsibilities:

 

  • Determines security requirements by evaluating business strategies and requirements; researching information security standards; information security risk assessments; studying architecture/platform; identifying integration issues.
  • Work closely with IT Business Partners and Enterprise Architects in designing system solutions following a risk-based approach and ensure the solution is aligned with internal controls and security policies.
  • Ability to interact with and provide solutions to the Network team, Messaging team, Solution Architects etc.
  • Partner with the CISO/BISO organization, Strategy, Operations and Engineering, and IT Business Partners to understand the Kimberly-Clark business and help minimize cybersecurity risks with existing solutions and new initiatives.
  • Support and facilitate the Cybersecurity vendor risk assessment process, drive automation and improvement with third-party risk evaluation that should aid in efficient risk identification.
  • Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards and CS&A security guidelines.
  • Support stakeholders with remediation of risks and gaps/issues identified during the cybersecurity risk assessments that exceed the risk tolerance of the company.
  • Collaborate with the Sales, Marketing, Supply Chain, HR, Legal and Finance organizations to evaluate cybersecurity risks and provide guidance for remediation.
  • Updates self-knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
  • Ability to develop technical white papers and best practice guidelines to achieve consistency with applying and enforcing security policies.
  • Provide assistance with Threat Modeling, Penetration Testing, SDLC, Secure Code Reviews and Cloud security assessments.
  • Collaborate with the internal Legal team and the Data Privacy/Protection officer to understand global data privacy/protection requirements and define security controls to meet the objectives.
  • Maintain a broad understanding of compliance across applications and networks for PCI, HIPAA, PII, and SOX.

 

Requirements:

  • While experience in several IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial.
  • Experience in the following regulations and frameworks: PCI, ISO 27001/2, SOC/SSAE 18, HIPAA, GLBA, NIST 800.
  • Security certifications such as CISSP, CISM, CEH, CISA, etc. are a plus.

Category: Leadership Jobs

Tags: Audits Automation BISO CEH CISA CISM CISO CISSP Cloud Compliance Finance Firewalls GLBA HIPAA ISO 27001 NIST Pentesting Privacy Risk assessment SDLC Security assessment SOC SOX Strategy VPN

Region: Asia/Pacific
Country: India
