Deputy Chief Information Security Officer - VF Corporation
Greensboro, NC, USA

Listing Description

VF Corporation outfits consumers around the world with its diverse portfolio of iconic lifestyle brands, including Vans®, The North Face®, Timberland®, Wrangler® and Lee®. Founded in 1899, VF is one of the world’s largest apparel, footwear and accessories companies with socially and environmentally responsible operations spanning numerous geographies, product categories and distribution channels. VF is committed to delivering innovative products to consumers and creating long-term value for its customers and shareholders.

VF will grow by creating amazing products and brand experiences that transform and improve the lives of consumers worldwide, while delivering superior returns to our stakeholders.

At VF, we draw on 117 years of experience to continuously transform ourselves in an ever-changing global marketplace. We constantly learn from the past, but live in the future.

Our One VF culture is all about harnessing the power of our brands and our talented associates to capitalize on our greatest opportunities for long-term performance. Across our company, a One VF mindset differentiates our products and brand experiences. It all adds up to a lasting competitive advantage built on collaboration, agility and execution.

Powerful brands, shaped by shopper insights and fueled by innovation, drive our success by putting us at the heart of consumers’ lives. With the industry’s most diverse family of apparel, footwear and accessories brands, we serve consumers on every continent. Many of our brands lead their respective categories, and some have risen to iconic status. As we look to the future, we will continue to lean on our One VF approach to ensure we embrace our shared learnings as we add value across our portfolio of brands.

Deputy Chief Information Security Officer: Become the Newest Member of the VF Family

The Deputy Chief Information Security Officer leads VF Corporation’s Global Information Risk and Cyber Security organization under the direction of the CISO. This position reports to the CISO within the Global Business Technology (GBT) organization. Significant stakeholder relationships include regional CIOs, Integrated Architecture, Integrated Service Delivery, Chief Financial Officer, Chief Audit Executive, and Chief Legal Counsel.

This leader is responsible for the development, execution, and ongoing maintenance of a comprehensive information risk management plan that will help to protect all significant VF business activities, systems, and information worldwide. The individual will design the organization, build the capabilities, and propose the investment business case necessary to measure and report risk and compliance, monitor and respond to threats, and deliver programs, projects, and policy that mitigate reputational risks, operational risks, and compliance risks. The overall scope of accountability for this position will include information security and risk management, governance & compliance, threat vulnerability & incident management, security solutions delivery, and security continuity.

How You Will Make a Difference:

• Collaborate with the CISO, Chief Legal Counsel, Chief Audit Executive and Global CIO to develop and report on the Global Information Risk landscape and applicable regulatory requirements, including Payment Card Industry Data Security Standard, EU Safe Harbor, Sarbanes-Oxley and applicable local privacy laws.

• Enable VF strategy execution by delivering policy and awareness, risk assessment, and security solutions in a timely and efficient manner for VF Corporate, Retail / Direct to Consumer, wholesale Business Partners, and Supply Chain.

• Develop and deliver risk assessments and maintain plans to remediate risks, enable security capabilities, and respond to cyber incidents and inquiries.

• Apply a formal set of industry-accepted risk management processes and information protection frameworks to identify security concerns, gaps and remedial actions, which mitigate risks to the execution of corporate strategy and reputational concerns.

• Leverage industry best practices and emerging approaches to drive global synergies for Information Risk Management and Cyber Security Operations worldwide.

• The Deputy CISO must be able to influence others and drive meaningful change in a global organization where the infrastructure and application functions report to other leaders. The Deputy CISO must be able to quickly assess and manage through complexities due to VF’s global diversity, varied ethnic cultures, breadth of product categories and consumers, diversity of go to market business and geographically driven business priorities. He/she must be comfortable engaging in regular interactions and meaningful dialog with business executives and technology specialists, worldwide. The Deputy CISO will lead a geographically dispersed team that is responsible for global risk assessment, cyber security operations, solution engineering and compliance activities. This team will interact regularly with corporate audit teams, GBT leaders, analysts and engineers and provide them with full audit support and guidance on information risks and controls. His/her team will develop action plans, schedules, status reports, budgets and other communications intended to measure and improve the effectiveness of VF’s protection posture, industry threat information and vulnerability management. The team will work with the internal legal counsel to develop and distribute security policy.

Lead the Information Risk and Cyber Security Strategy and Capability

Develop and maintain a strategic global security plan to remediate risk and enable new security capabilities aligned with VF’s growth strategy and financial management goals.

Maintain, develop, and operate a risk assessment framework to regularly assess and report on information risks associated with technology, business processes and information handling practices throughout the business.

Maintain and develop information security programs, policies, guidelines and practices to protect VF information from unauthorized disclosure or loss when handled by VF associates, contractors and affiliates.

Define and select necessary information risk and cyber security compliance tools, suppliers and services.

Extend the identity and access management capabilities to in-scope applications, whether applications are on-premise, SaaS, PaaS, or IaaS based implementations.

Work with legal, audit, engineering, and architecture teams to assure effective policy and control implementations to protect company information assets and comply with local data privacy regulations, Payment Card Industry Data Security Standards, and Sarbanes-Oxley.

Provide input on legal protection and deliver business-informed judgement and risk management advice to executive management, including CIOs and business leaders.

Develop VF’s Information Risk Management Culture

Measure and report VF’s information risks and cyber security concerns, retail industry concerns, and progress on security related initiatives. Report on compliance driven activities to senior business leadership and the VF Operating Committee.

Monitor and report on cyber security threats, threat intelligence, and remediation plans.

Establish and maintain a culture of constant vigilance, information risk management, and industry awareness of information risk and protection of VF’s information assets and critical business systems and processes.

Maintain relationships and extract value from retail industry cyber security councils, federal law enforcement authorities, and threat intelligence sharing organizations and forums that are critical to the protection of VF businesses, shareholders, and customers.

Build credibility and expand stakeholder relationships worldwide. Develop relationships, informal networks and key business connections which expand VF’s information risk management culture, awareness and effectiveness.

Deliver Information Risk and Cyber Security Capabilities

Deliver effective security and control practices to protect company information assets, including system, network, and architecture validations, and IT general controls design, configuration, and monitoring.

Maintain a rigorous and structured process to manage worldwide incident detection, response, and recovery.

Ensure security policies / procedures are defined and implemented across global business units and information handling processes.

Manage vendor partners in the delivery of services across all areas of security.

Talent Management & GBT Team Influence

Mentor and coach direct reports ensuring success in their role and readiness for success into new roles within the security function.

Responsible for coaching, developing and encouraging excellence from diverse teams across multiple internal and external organization entities.

Conduct performance evaluations, development planning, and succession planning for direct reports.

Develop self and others across the global GBT function through informal and formal interactions, mentoring, and engagement in business meetings.

SKILLS FOR SUCCESS

Bachelor’s degree in computer science, information systems, computer engineering, electrical engineering, system analysis or related field of study, or equivalent experience

Professional security management certification such as CISSP, CCISO, CISM, and/or CISA required

12+ years of experience in a combination of risk management, information security, and IT, with 5+ years in a senior leadership role

Strong knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies

Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS

Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment

Knowledge of business IT ecosystems, SaaS, IaaS, PaaS, cloud computing, SOA, APIs, open data, open systems, microservices, event-driven IT and predictive analytics

Exceptional interpersonal skills, including teamwork, facilitation, and negotiation

Strong leadership skills

Excellent written, verbal, communication, and presentation skills

Excellent planning and organizational skills

Comfortable, experienced, and accomplished at working with business executives, and able to push back in a professional and diplomatic way

Highly collaborative

Proven ability to manage and grow a department

Vendor and technology neutral; more interested in business outcomes than in personal preferences or the vested personal preferences of business and IT leaders

Must be currently authorized to work in the United States without sponsorship and not require sponsorship in the future

PREFERRED QUALIFICATIONS

Experience in a global retail environment


Listing Details

  • Citizenship: No Requirements
  • Incentives: Not Provided
  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: No Telecommute


