Who We Are:
Lippert is a leading, global manufacturer and supplier of highly engineered products and customized solutions, dedicated to shaping, growing and bettering the RV, marine, automotive, commercial vehicle and building products industries. We combine our strategic manufacturing capabilities with the power of our winning team culture to deliver unrivaled customer service, award-winning innovation and premium products to all of our customers.
Why We are Different:
At Lippert, Everyone Matters. This is not just a tagline or empty promise; it is who we are. We have intentionally created a culture that values and celebrates our team members’ unique and varied backgrounds, perspectives, and experiences. We strive to give our team members a deeper sense of purpose at work, and we continue to build a better work environment by aligning our cultural and business strategies with the needs of our team members.
What You will Get:
1. A unique, inclusive and supportive company culture.
2. Comprehensive benefit offerings including medical, dental, vision, 401k with employer match, vacation, and more!
3. Fair and competitive compensation.
4. Career development and mentoring and opportunities to grow.
5. Holiday, personal and vacation days.
The Vice President, Information Security (VP-IS) is an executive level leader responsible for all information security activities in support of the organization. The VP-IS will drive the strategy and implementation of a company-wide information security management program while protecting the business from security threats and cyber-hacking. The VP-IS will also ensure operational compliance with all standards and regulatory requirements (e.g., HIPAA) working closely with the Governance, Risk and Compliance teams, while serving as an effective liaison for engaging with company customers, clients, partners, and stakeholders on security-related matters.
Reporting to the CIO, this leader will have extensive visibility and accountability to our teammates, executive leadership team and Board of Directors.
Technical responsibilities include partnering with infrastructure engineering, software engineering, DevOps, and product teams to ensure data breach prevention, development and implementation of security best practices, and appropriate metrics for assessment. Given the nature of interactions with these teams as well as supporting security team members with their responsibilities, a deep understanding of security and current technologies supporting our products is required. This includes the ability to understand and interact with tools and dashboards for hands-on leadership as well as the ability to participate actively in technology architecture direction and approval boards.
Corporate responsibilities focus on a comprehensive understanding of business requirements, compliance with key regulatory regimes, timely risk assessments, tabletop exercises, security awareness training of company staff and advocating for strong security with partners, customers and throughout the industries we serve.
ESSENTIAL JOB FUNCTIONS
Risk Mitigation and Governance
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and risk management program for the organization, which operates in the cloud leveraging Azure cloud environments.
- Provide strategic risk guidance for product engineering projects, including the evaluation and recommendation of technical controls.
- Lead the vision for security in product delivery including the specification of analysis tools, threat modeling, execution of penetration tests and risk assessments.
- Provide regular reporting on the current status of the information security program to company senior business leaders as part of a strategic risk management program.
- Provide leadership to ensure alignment of executive management with security risk programs including the development and execution of tabletop exercises on an annual basis.
- Develop, maintain, and publish up-to-date information security policies, standards, and guidelines; oversee the approval, training, and dissemination of security policies and practices.
- Ensure the information security program aligns with key frameworks including the NIST Cybersecurity Framework and others identified by the Governance, Risk and Compliance team.
- Liaise with customers, clients, partners, and stakeholders on security-related matters.
- Provide cyber threat reduction program to strengthen reliability in our cyber ecosystem.
- Prioritize and optimize security investments to support and accelerate the company’s growth.
- Development a cost effective, resilient, and elastic security infrastructure.
- Partner with security service providers (e.g., Crowdstrike) to ensure 24x7x365 security operations for detection, triage, and remediation of security incidents.
- Develop and implement a security vulnerability management program working with engineering, DevOps, infrastructure, IT End User Services, and related teams to ensure vulnerabilities are identified and prioritized for remediation.
- Ensure security vulnerabilities are identified and proactively managed on a continuous basis to reduce the organization’s attack surface.
- Ensure all client-facing applications undergo extensive, independent penetration testing on at least an annual basis to identify, remediate and retest for identified security vulnerabilities.
- Manage the organization's information security team. This includes hiring, training, staff development, performance management and regular performance reviews.
- Liaise with the company's development team to ensure alignment between the security and development practices.
- Develop strong partnership and joint business and technology roadmaps with business unit and shared service leaders.
- Manage and optimize financial budget.
- Develop and maintain the operating plan for Information Security cost center
Minimum Education, Experience & Training:
- Bachelor’s degree in Computer Science or equivalent work or education-related experience.
- Certify Information System Security Professional (CISSP) or equivalent.
- Strong experience in current and historically relevant Security concepts and technologies. Progressive experience in a combination of engineering, information security and risk management roles that demonstrate expertise at a senior leadership level.
- Relevant experience managing comprehensive security programs for companies that leverage cloud technologies such as Azure.
- Certifications in Azure are highly desired.
Knowledge, Skills & Abilities:
- Excellent written and verbal communication skills, interpersonal and collaborative skills effective in communicating security and risk-related concepts to technical and non-technical audiences.
- Expertly collaborate and communicate with Lippert teams and senior management as well as external customers, clients, partners, and stakeholders.
- Proven track record and experience in developing information security policies and procedures.
- Must be a critical thinker, with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standards and various privacy laws governing Personally Identifiable Information (PII).
- Strong operational management skills including project management, financial/budget management, scheduling and resource management.
- Leadership that motivates cross-functional, interdisciplinary teams to achieve tactical and strategic security-related goals.
- Sensitivity to working with an ethnically, linguistically, and culturally diverse team.
- A commitment to the values of the organization while demonstrating good judgment, flexibility, patience, and discretion when dealing with confidential and sensitive matters.
- Proficient in Microsoft Office (Outlook, Word, Excel, etc.), especially Excel and related computer software.
- Ability to consistently demonstrate good judgment and decision-making skills.
- Ability to maintain the highest levels of confidentiality.
- Ability to work in an exciting, fast paced high energy environment while effectively multitasking
- Salary: $160000 - $200000
- Citizenship: Us Citizen
- Incentives: Both
- Education: Not Provided
- Travel: No Travel
- Telework: Full Telecommute