The primary purpose of this position is to safeguard information system assets by identifying and managing risks and solving potential and actual security regulatory gaps. Responsible for managing and maintaining risk controls and ensuring compliance with all policies.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
- Lead a global team of cross-functional security professionals to create new processes and procedures and design a highly reliable, scalable, extensible, maintainable and operable compliance program.
- Create a global cybersecurity risk strategy, roadmaps and budget, and introduce proven innovative frameworks that will shape our cyber transformation goals.
- Translate Information Security Risk to business impact statements.
- Lead the implementation of information risk management principles as part of the various front line IT projects, including reviews of all new 3rd parties and vendors
- Partner with internal delivery teams and provide compliance guidance on Policies, Standards and Procedures
- Support audits, regulatory exams and enterprise risk initiatives
- Develop and manage client risk assessments, vendor due diligence, and SOC audits
- Lead the annual SWIFT, PCI and SOX audit examination. Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS and privacy regulations like GDPR and CCPA
- Stay current on the changing regulatory environment and assess impacts on the organization
- Identify and lead the resolution of highly complex regulatory problems, and lead control design that is scalable and adheres to regulatory standards.
- Analyze technology, industry, and market trends and determine potential impacts to and opportunities for the enterprise
- Continually evaluate new GRC technologies and devise plans for implementation of policies and standards.
- Manage and develop cross functional teams to drive global capabilities that comply with local risk and compliance requirements.
- Develop Cyber Risk metrics and reporting, focused on active Cyber Risks as well as the efforts and results of the team.
- Maintain technical knowledge by attending educational workshops, seminars and reviewing publications.
- Create a strategy around proven security awareness programs and continuity table tops
- Partner with technology teams to develop sustainable solutions supporting the Risk program including enhanced controls and streamlining/automation initiatives.

QUALIFICATIONS & EXPERIENCE:
Experience:
- 10-15 years of experience in an information security compliance and risk management role
- Experience managing and mentoring direct reports and staff
- Experience reviewing contracts for information security requirements and concerns.
- Experience in the security controls aspects of multiple platforms, operating systems, software, communications, and network protocols
- Technical Bachelor's degree or equivalent combination of education and experience
- Advanced degree preferred
- ISACA's Certified in Risk and Information Systems Control™ (CRISC®) certification
- CISA-Certified Information Systems Auditor
- Team player, able to work with other members of the Information Security Group in resolving issues
- Professional and cooperative attitude
- Results oriented with strong time management and project management skills, and must be highly organized and driven to succeed
- Strong leadership skills, leading by example, driving employee commitment through actions, and empowering employees to reach their full potential
- Demonstrates leadership through skillful and effective written and oral communication.
- Demonstrated competency in creating and executing on strategic plans
- Proven track record of leading large, complex projects with multiple stakeholders and driving organizational change
- Demonstrated success with meeting the needs of a wide range of employees while driving team performance, monitoring results and appropriately allocating resources
- Possesses and applies comprehensive knowledge of principles, practices, and procedures of particular field of specialization to the successful execution of multiple complex projects
- Expertise in the design, development, implementation, and maintenance of enterprise application and security architecture.
- Experience working with enterprise architects within an IT organization, with demonstrated understanding and application of architecture methodology and principles to enable business change or capability building as it pertains to cyber capabilities.
- Identify, prioritize and proactively manage dependencies, risks, exceptions and issues.

PVH Corp. or its subsidiary ("PVH") is an equal opportunity employer and considers all applicants for employment on the basis of their individual capabilities and qualifications, consistent with applicable law and without regard to race, color, sex, gender identity or expression, age, religion, creed, national origin, citizenship status, sexual orientation, genetic information, physical or mental disability, military status or any other characteristic protected under federal, state or local law. In addition to complying with all applicable laws, PVH also has a strong corporate commitment to inclusion, diversity and to ensuring that all current and future PVH associates are compensated solely on job-related factors such as skill, ability, educational background, work quality, experience and potential. To achieve these goals, across the United States and its territories, PVH prohibits any PVH employee, agent or representative from requesting or otherwise considering any job applicant's current or prior wages, salary or other compensation information in connection with the hiring process. Accordingly, applicants are asked not to disclose this salary history information to PVH.