Sr. Director Cyber Risk Management - PVH Corp.

Recruiter: PVH
Location: Bridgewater, New Jersey, United States of America
Posted: 25 Jun 2022
Closes: 14 Sep 2022
Ref: PVH1USR32486WDINTERNALENGLOBALEXTERNAL
Function: Technology
Hours: Full Time

POSITION SUMMARY: The primary purpose of this position is to safeguard information system assets by identifying and solving potential and actual security problems in the region. This is a leadership role for identifying and communicating cyber risk to all levels of management. It is a decision-making role that influences the business on the prioritization of risk mitigation projects for the Americas region.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
  • Strategize the integration of cyber risk into cross-functional business processes.
  • Improve security through continuous risk and controls assessment of the environment based on business impact or changes in the threat landscape.
  • Identify and prioritize initiatives to improve third party risk management and adopt new capabilities in the region to ensure regulatory adherence.
  • Promote cyber hygiene through presentations to various business groups on information security awareness and cyber risk impact.
  • Create and direct the Cyber Risk Committee and lead all risk metrics and reporting sessions with senior leadership teams.
  • Facilitate risk assessments and controls testing exercises on an annual basis.
  • Lead the business impact analysis exercises on an annual basis.
  • Represent PVH in leading cyber risk assessments and business impact analysis with its third parties.
  • Ability to lead teams and cross-functional teams in a matrix and global setting.
  • Collaborate with Compliance and Legal teams for security control requirements and implementation for current and new regulations.
  • Liaise with key business stakeholders to influence business strategy and initiatives from an overall Information Security perspective.
  • Be the primary contact for problem-solving Information Security Risk queries and concerns.
  • Translate Information Security Risk to business impact statements.
  • Develop guidance and assist in the identification, implementation, and maintenance of business continuity strategies in coordination with crisis management and senior leadership.
  • Work with key business and IT teams to promote security initiatives, best practices, and general security awareness.
  • Manage and develop cross-functional teams to drive global capabilities that comply with local risk and compliance requirements.
  • Maintain technical knowledge by attending educational workshops, seminars and reviewing publications.

QUALIFICATIONS & EXPERIENCE:

Experience:
  • 8-10 years of experience in an information security or risk management role
  • Experience in cyber risk identification and conducting business impact analysis across a matrix organization
  • Prior experience mentoring direct reports and staff
  • Experience in developing and communicating cyber risk metrics to senior and executive management.
  • Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols

Education:
  • College degree is required
  • CISSP, CISM or CRISC certifications are strongly recommended.

Skills:
  • Strong communication skills
  • Strong presentation skills
  • Self-Starter
  • Professional and cooperative attitude
  • Team player, able to work with other members of the IT and business teams.
  • Prior experience in building and operating Cyber GRC frameworks like Archer, RSAM, OpenPages, MetricStream, ServiceNow or SAI 360.
  • Thorough understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is required.
  • Knowledge of the Payment Card Industry Data Security Standard (PCI DSS) and the associated compliance requirements for a Level 1 merchant.
  • Prior experience working on Crisis Communications, business continuity and working with senior business leadership.
  • Prior experience working with teams across LATAM and South American regions.

PVH Corp. or its subsidiary ("PVH") is an equal opportunity employer and considers all applicants for employment on the basis of their individual capabilities and qualifications, consistent with applicable law and without regard to race, color, sex, gender identity or expression, age, religion, creed, national origin, citizenship status, sexual orientation, genetic information, physical or mental disability, military status or any other characteristic protected under federal, state or local law. In addition to complying with all applicable laws, PVH also has a strong corporate commitment to inclusion, diversity and to ensuring that all current and future PVH associates are compensated solely on job-related factors such as skill, ability, educational background, work quality, experience and potential. To achieve these goals, across the United States and its territories, PVH prohibits any PVH employee, agent or representative from requesting or otherwise considering any job applicant's current or prior wages, salary or other compensation information in connection with the hiring process. Accordingly, applicants are asked not to disclose this salary history information to PVH.