Vice President, Security and Risk
The Security and Risk Office (the “SRO”) is a global team responsible for developing, implementing, and administering Catalina’s global data risk and security program to protect Catalina’s brand by identifying and reducing information risk across the enterprise to improve levels of privacy, cybersecurity, and resilience. The SRO will identify risks, recommend solutions, and handle breaches and incidents to ensure Catalina has a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and to do business anywhere and anytime.
The VP Security and Risk is a role with global responsibilities overseeing Information Security and Risk. The VP will serve as Chief Information Security Officer.
This position will report to the Chief Legal Officer/Chief Administration Officer.
The successful candidate will join a team of highly qualified individuals who collaborate and support each other.
Reviews, assesses, and ensures security is aligned with regional business objectives and requirements
Establish and maintain a mechanism to track access to and use of PII, NPPI and other sensitive data as required by law and to allow qualified individuals to review or receive a report on such activity
Reviews all system-related information security plans throughout the organization’s network to ensure security alignment and acts as a liaison to the information systems department
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s security policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel
Establishes with management and operations a mechanism to track access to protected personal or health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity
Design, approve, and implement the design of security systems and tools
Approve identity and access policies
Review investigations after data breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Maintain a current understanding of the cyber-security threat landscape
Ensure compliance with the changing laws and applicable regulations
Translate that knowledge to identification of risks and actionable plans to protect the business
Schedule periodic security audits and assessments
Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced
Constantly update the cyber security strategy to leverage new technology and threat information
Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities
Maintains current knowledge of applicable federal and state security and breach laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance
Represent Catalina’s security interests across North America, Central America, Europe, and Asia.
Liaise with country, federal, and state regulators/supervisory authorities, as needed
Liaise with other team members and with the Legal department to maintain subject matter expertise, contribute to team knowledge, and maintain consistency with our business partners
Present to executive leadership and/or Board of Directors as required on security risks
Lead the incident response team/process; help troubleshoot and remediate incidents
Manage all teams, employees, contractors and vendors involved in security and information risk which include hiring, training, coaching, and career development
Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget for data security and information risk
Serves as information security consultant to the organization for all departments
Oversee the strategic security planning, budgeting, and career development
Works with the Chief Privacy Officer, along with the organization administration, legal counsel, and other related parties to represent the organization’s interests with external parties (state or local government bodies) who undertake to adopt or amend legislation, regulation, or standards
Provide strong collaboration working in tandem with cross functional teams to achieve business objectives
Works with the Chief Privacy Officer to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations, and acts as a liaison to the information systems department
Performs initial and periodic information security risk assessments and conducts related ongoing compliance monitoring activities in coordination with the entity’s other compliance and operational assessment functions
Communicate best practices and risks to all parts of the business, outside IT
Provide guidance and recommendations, and support the Vendor Assurance process, when needed, for vendor due diligence
Review and provide input into compliance courses on the internal Learning Management System tool
Bachelor's degree with 10+ years of experience in one or a combination of Information Governance, Information Security, and/or Cyber-Security, or equivalent combination of education and experience
7+ years of experience leading teams in the Information Security, Risk, or Business Management functions
Advanced understanding of Information Security or Risk principles with in-depth knowledge of the appropriate industry best practices
Knowledge of and experience with technology issues related to management of enterprise information assets
Proper training/education and associated certifications required such as CISSP, CIPM, CIPP, CIPT, CISA, CRISC, etc.
Exceptional and personable stakeholder management skills at all levels of the organization; ability to effectively brief BoD on issues related to Information Security and Risk
Experience working with Business units, Information Technology teams, and stakeholders
Experience working with, and influencing, business leaders in promotion of consistent practices and policy
Must be able to speak, read, and write English; effective verbal and written communication skills
Ability to successfully drive projects in collaboration with multiple stakeholders
Adaptable to change and ambiguity; ability to work independently without direct supervision
Ability to attract, retain, engage and develop teams in a fast-paced, transformational environment
Ensure there is a focus on accountability and performance, with a clear line of sight between organization strategy and individual goals
Excellent at collaboration across teams
Without fail, embody Catalina values
ADDITIONAL PREFERRED SKILLS
Certifications in two or more areas
Certified Information System Security Professional (CISSP) preferred
Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Europe and Japan. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.
Diversity, Inclusion + Belongingness
Catalina is committed to investing in, empowering, and retaining a more inclusive community within our company. We are dedicated to hiring and cultivating diverse teams of the best and brightest from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has a seat at the table and a voice to be heard. Our goal is to ensure that all our talented professionals are equipped with support, resources, and the opportunity to excel.
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform other job-related tasks other than those specifically included in this description.
All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.