Title: Global Leader, Information Security
Company: Halyard Health / Kimberly-Clark Corporation
Location: Alpharetta GA
Function: Information Technology
Reports to: CIO
Product Line: medical device
Direct reports: TBD
Kimberly-Clark Health Care provides a portfolio of solutions that improve the health, hygiene and well-being of patients and clinicians around the world. With significant expertise in the areas of infection prevention, surgical protection, respiratory health, digestive health and pain management, Kimberly-Clark Health Care is driven to produce innovative solutions that improve both medical outcomes and business performance. Kimberly-Clark plans to spin off Kimberly-Clark Health Care by year-end into Halyard Health, a stand-alone, publicly traded healthcare company with leading market positions in surgical and infection prevention products and medical devices. This is the time to consider an exciting opportunity with a company committed to advancing health and healthcare by preventing infection, eliminating pain and speeding recovery. If you are inspired by the opportunity to transform healthcare delivery, join the Kimberly-Clark Health Care team!
Some company background:
K-C Health Care net sales in 2013 were $1.7 billion, with approximately 70 percent of sales in North America and the remainder in Europe and Asia. Total net sales were split approximately 70 percent surgical and infection prevention products and 30 percent medical devices. The business had more than 16,000 employees at the end of 2013.
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an enterprise-wide, globally oriented information security program that ensures information assets are adequately protected. The CISO is also responsible for creating and maintaining enterprise-wide information security policy, for establishing and operating IT security technology, IT compliance and IT Disaster Recovery strategies, and for overseeing the execution of those plans. The CISO reports to the Chief Information Officer (CIO) of K-C Health Care.
The CISO is charged with building an accountable, information security-conscious culture and a system security infrastructure built on high-quality standards, backed up by effective operational procedures and by regular status monitoring and reporting. He or she oversees the creation and maintenance of information security policy, identifies and secures funding and support for security initiatives, leads ongoing enterprise-wide security risk assessment and status reporting efforts, and is responsible for the creation and roll-out of global security awareness and training programs. In addition, the CISO is responsible for reviewing and directing business system continuity and disaster recovery plans as well as information security audit and regulatory compliance.
This position requires a visionary leader with strong management skills, a detailed working knowledge of information security technologies and experience leading an IT security organization to achieve security compliance for a diversified global organization (PCI, HIPAA and SOX). This position serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. The CISO must be highly knowledgeable about the business environment and must ensure that information systems are maintained in a fully functional, secure mode.
- Working proactively with the Chief Information Officer and the broader ITS Leadership Team, the role serves as an expert advisor to senior management in the development, implementation and maintenance of enterprise-wide information security technology, compliance and disaster recovery that ensure best-practice control objectives for system integrity, availability, confidentiality, accountability and assurance, within the context of K-C Health Care's risk tolerance as set by senior management.
- Draft and propose the enterprise-wide information security strategy and action plans based on enterprise-wide risk assessment and gap analysis. As a result, identify and propose key information security program priorities, initiatives, practices and tools.
- Oversee execution of approved information security project plans and provide regular status reporting on the progress of such projects.
- Serve as chairperson of the organization's Cyber-risk Steering Committee. Provide guidance (e.g., information security risk severity assessments, relative cost-benefit analysis) and recommendations on prioritizing system security infrastructure investments that mitigate risks, strengthen defenses and reduce vulnerabilities.
- Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
- Develop, publish, and maintain comprehensive information security standards, policies, procedures and guidelines.
- Act as the primary corporate control point during follow-up on significant information security incidents, oversee development of response plans and provide timely update reporting.
- Collaborate within the Global Information Technology Services (ITS) teams to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.
- Monitor information security trends and evolving technologies, and keep K-C Health Care senior management informed about related information security issues and implications.
- Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout K-C Health Care on a timely basis.
- Provide guidance to business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with the Corporate Human Resources and Legal departments as appropriate.
- Engage and direct outside consultants as appropriate on information security audits.
- Establish risk-based IT Security, IT Compliance and IT Disaster Recovery approaches that protect company operations without unreasonably restricting the company's ability to do business.
- Conduct regular and ongoing monitoring of, and reporting on, enterprise-wide compliance with information security and IT control standards and policies. This includes coordinating the use of external resources engaged for security testing, i.e., penetration tests and vulnerability scans.
- Collaborate with Internal Audit as a business advisor on information security and IT compliance matters.
Interested? Please send your resume to Dorothy.Beach@KCC.com to start our process. We can then have a chat in the next few business days to discuss your fit versus your career plans.
Qualifications / Experience
- Requires a BA, BS or Master's degree in Computer Science or an information systems related discipline; an MBA is a plus.
- Candidates should have a minimum of ten years of progressive leadership experience in computing and information security, with at least five years' experience in Internet security technology and risk management.
- Must have experience with business system continuity planning, audit compliance, and risk management as it relates to information security.
- Experience with information system (technology) disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Experience in leading and managing IT security implementations.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills.
- Demonstrated project management, organization and facilitation skills.
- Excellent communication and presentation skills.
- Information security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are desired.
- Must be able to translate the information security contribution to business outcomes into simple briefings for use by IT Services and senior leadership.
- A thought leader who is articulate, consensus-building and persuasive, with a demonstrated ability to serve as an effective member of the senior management team and to communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization.
The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.
Kimberly-Clark is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.