Chief Information Security Officer
4 semanas atrás
Shape Your World
At Alcoa, you will become an essential part of our purpose: to turn raw potential into real progress. The way we see it, every Alcoan is a work-shaper, team-shaper, idea-shaper, world-shaper.
We are seeking a visionary strategic Chief Information Security Officer who is passionate about leveraging cybersecurity to protect and enhance our sustainable manufacturing processes , supporting our innovation journey to create a more sustainable world.
The CISO will be responsible for driving the information security strategy and operations for Alcoa . This includes defining security requirements and development of technology roadmaps aligned to best practices/regulatory requirements and business objectives of Alcoa, with an emphasis on risk management.
The role will have direct responsibility for a global team that supports the broader organist objectives while effectively working with business and technology teams to identify, assess and address key information and cyber risks and threats.
A key element of the CISO role is to provide comprehensive and credible manner to the company leaders and board providing insight of all areas of cyber security to ensure our corporate and manufacturing assets are adequately protected . The CISO must be able to understand and articulate the value levers and (positive/negative) impact of cyber on the business communicating to senior stakeholders inclusive of the board.
The CISO must be knowledgeable with proven experience in a leadership role working with risk and audit teams as well as 3rd party vendors having an entrepreneurial and creative approach to develop innovative ideas. Should ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations. He or she serves as the process owner of the appropriate second-line assurance activities not only related to authenticity, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems, and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter.
Major activities/Key challenges
Establish Governance and Build Knowledge
Facilitates an information security governance structure leading the information security steering committee or advisory board. Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes. Develops, socializes, and coordinates approval and implementation of security policies. Works with the procurement to ensure that information security requirements are included in contracts by liaising with vendor management. Directs the creation of a targeted information security awareness training program for all employees, contractors, and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences. Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance and business continuity management. Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. Embeds Cyber Judgement across a decentralized or distributed decision-making model.Lead the Organization
Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals. Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring. Manages the budget for the information security function (opex and capex), monitoring forecasts. Manages the cost-efficient information security organization. This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews. Continue to reorganize the security team addressing gaps. Facilitate and enable training and upskilling.Set the Strategy
Define a clear medium-long term roadmap to continue to enhance and protect Operational Technology (OT) in manufacturing environment that is essential for maintain business operations and avoiding costly downtime due to cyber incidents. Ability to set a clear vision for the security program and implement it effectively. Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate. Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization. Assists with the identification of non-IT managed IT services in use ("citizen IT") and facilitates a corporate IT onboarding program to bring these services into the scope of the IT function and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this information security risk is clear. Works effectively with business to facilitate information security risk assessment and risk management processes and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite.Develop Frameworks
Develops and enhances an up-to-date information security management framework based on the following (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework. Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations. Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversees the approval and publication of these information security policies and practices. Creates a framework for roles and responsibilities regarding information ownership, classification, accountability and protection of information assets. Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels.Build the Network and Communicate the Vision
Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal, procurement, data privacy office and HR management teams to ensure alignment as required. Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks. Liaises with global external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies in all operating countries. Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.Operate the Function
Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties. Works with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy. Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable. Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings. Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines. Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk. Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation. Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action. Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter. Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas. Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem. Manage a regular penetration testing schedule to test systems for vulnerabilities demonstrating proactive efforts to identify and address weaknesses.The ideal candidate establishes trust and naturality builds followership. He or she is an integrator of people, processes, and technology. While the CISO creates sense of meaning for the team that generates followership and engages others for the purpose of Alcoa´s brand, he or she must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.
Degree in business administration or a technology-related field, or equivalent work- or education-related experience Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security. Demonstrate strong team building, team leadership, stakeholder communication, business understanding, strategy development, strategy communication, budget management, P&L experience. Proved experience in leading cybersecurity for manufacturing companies. Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists. Excellent stakeholder management skills Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization. Ability to lead and motivate the information security team to achieve tactical and strategic goals. Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Project management skills: financial/budget management, scheduling, and resource management A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital The incumbent must be fluent in local language and possess a fluent level of English.Desired, but not required:
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials. Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment. Experience with contract and vendor negotiations.Personal characteristics
High degree of emotional intelligence and ability to work cross culture environment. Poise and ability to act calmly and competently in high-pressure, high stress situations. High degree of initiative, dependability, and ability to work with little supervision while being resilient to change. High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity. Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity. A critical thinker, with strong problem-solving skills Strong problem-solving and trouble-shooting skills Self-motivated and possessing of a high sense of urgency and personal integrityMajor Customers
Data Privacy Office, Legal, Executive Team, Board of Directors, IT leadership, HR5. Qualifications
The CISO is a business leader and should have a track record of competency in the field of information security and/or risk management, with 7 to 10 years of relevant experience in manufacturing, including five years in a significant leadership role with deep understanding of OT security. Knowledge and understanding of relevant legal and regulatory requirements, such as: standards, Sarbanes-Oxley Act (SOX), IEC, NCA-KSA, Health Insurance Portability and Accountability Act (HIPAA), GDPR, HIPAA, and PCI-DSS and Data Security Standard, ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and cybersecurity framework. Experience with security technologies such as firewalls, cloud security, end point protection, OT security, intrusion detection/prevention systems, and encryption. Understanding of network and system architecture and lead a risk team mitigating security risks. Up-to-date knowledge of methodologies and trends in both business and IT.-
Ciso Chief Information Security Officer
Há 9 horas
São Paulo, São Paulo, Brasil Talent Group Tempo inteiroEmpresa de Tecnologia está em busca de um profissional para atuar como CISO Chief Information Security Officer. Você tem os ? Venha fazer parte desse time HARD SKILLS Graduação Completa na área de TI ou correlatas. Experiência sólida na área de Segurança da Informação, abrangendo experiência em gerenciamento de programas de segurança,...
-
Chief Information Officer
3 semanas atrás
São Paulo, Brasil Edgeuno Tempo inteiroLarEmpregos para Chief Information Officer em Bar...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosRio do SulGerente de ProjetosRio do SulJobbol09/05/2024Empresa de serviço de instalação elétrica admite Gerente de Projetos em Rio do Sul.Principais...
-
Chief Marketing Officer
Há 6 horas
São Paulo, São Paulo, Brasil Gold & Aron Conseil Tempo inteiroWe are seeking an analytical Chief Marketing Officer to join our productive team at Gold & Aron Conseil in São Paulo, SP.Growing your career as a Full Time Chief Marketing Officer is an awesome opportunity to develop indispensable skills.If you are strong in cooperation, people management and have the right drive for the job, then apply for the position of...
-
Chief Marketing Officer
Há 4 horas
São Paulo, São Paulo, Brasil Uptalent Tempo inteiroIntroduza o cargo ou competência para procurar empregos relevantes Introduza a sua cidade ou código postal para mostrar empregos na sua localização Lar Empregos para Chief Marketing Officer em São p... Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa. Empregos mais procurados Deseja...
-
Chief Human Resources Officer
2 semanas atrás
São Paulo, Brasil Hays Tempo inteiroIntroduza o cargo ou competência para procurar empregos relevantesIntroduza a sua cidade ou código postal para mostrar empregos na sua localizaçãoLarEmpregos para Chief Human Resources Officer em...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosDeseja atualizações...
-
Chief Human Resources Officer
3 semanas atrás
São Paulo, Brasil Hays Tempo inteiroIntroduza o cargo ou competência para procurar empregos relevantesIntroduza a sua cidade ou código postal para mostrar empregos na sua localizaçãoLarEmpregos para Chief Human Resources Officer em...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosDeseja atualizações...
-
Chief Information Officer
4 semanas atrás
São Paulo, Brasil Edgeuno Tempo inteiroLar Empregos para Chief Information Officer em Bar... Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa. Empregos mais procurados Rio do Sul Gerente de Projetos Rio do Sul Jobbol 09/05/2024 Empresa de serviço de instalação elétrica admite Gerente de Projetos em Rio do Sul.Principais...
-
Chief Human Resources Officer
2 semanas atrás
São Paulo, Brasil Hays Tempo inteiroIntroduza o cargo ou competência para procurar empregos relevantesIntroduza a sua cidade ou código postal para mostrar empregos na sua localizaçãoLarEmpregos para Chief Human Resources Officer em...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosDeseja atualizações...
-
Chief Human Resources Officer
3 semanas atrás
São Paulo, Brasil Hays Tempo inteiroIntroduza o cargo ou competência para procurar empregos relevantesIntroduza a sua cidade ou código postal para mostrar empregos na sua localizaçãoLarEmpregos para Chief Human Resources Officer em...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosDeseja atualizações...
-
Chief Information Officer
3 semanas atrás
São Paulo, Brasil Edgeuno Tempo inteiroLarEmpregos para Chief Information Officer em Bar...Desculpe Desculpe, de momento não há resultados para a sua pesquisa.Por favor, tente outro termo de pesquisa.Empregos mais procuradosRio do SulGerente de ProjetosRio do SulJobbol09/05/2024Empresa de serviço de instalação elétrica admite Gerente de Projetos em Rio do Sul.Principais...
-
Business Information Security Officer
Há 8 horas
São Paulo, São Paulo, Brasil Bank of America Tempo inteiroResponsibilities: Advise LOB management on risk issues related to information security and recommend actions in support of the bank's wider risk management and compliance programs. Monitor information security trends internal and external to the bank and keep LOB leadership informed about information securityrelated topics. Collaborate with risk partners on...
-
Chief Operating Officer
Há 9 horas
São Paulo, São Paulo, Brasil Pentasia Tempo inteiroEmprego para Chief Operating Officer em São Paulo. Desculpe, no momento não há resultados para a sua pesquisa. Por favor, tente outro termo de pesquisa. **Empregos mais procurados:** - Professor de piano - Avançado - São José do Rio Preto - Professor de inglês - 2o ano do Ensino Médio - Santa Maria (Rio Grande do Sul) - Professor de piano -...
-
Chief Revenue Officer
Há 8 horas
São Paulo, São Paulo, Brasil Foursales Tempo inteiroEstamos buscando um CRO (Chief Revenue Officer) para uma empresa de tecnologia líder em seu segmento, tendo como principais atribuições estratégias de Vendas, Performance, Comunicação & Branding e Growth. Reportando a(ao)CEO, terá as seguintes responsabilidades principais: 1. Desenvolver e implementar estratégias de vendas e receita para impulsionar...
-
Chief Revenue Officer
Há 4 horas
São Paulo, São Paulo, Brasil Foursales Tempo inteiroEstamos buscando um CRO (Chief Revenue Officer) para uma empresa de tecnologia líder em seu segmento, tendo como principais atribuições estratégias de Vendas, Performance, Comunicação & Branding e Growth. Reportando a(ao) CEO, terá as seguintes responsabilidades principais: 1. Desenvolver e implementar estratégias de vendas e receita para impulsionar...
-
Chief Revenue Officer
Há 6 dias
São Paulo, São Paulo, Estado de São Paulo, Brasil Foursales Tempo inteiroEstamos buscando um CRO (Chief Revenue Officer) para uma empresa de tecnologia líder em seu segmento, tendo como principais atribuições estratégias de Vendas, Performance, Comunicação & Branding e Growth. Reportando a(ao) CEO, terá as seguintes responsabilidades principais: 1. Desenvolver e implementar estratégias de vendas e receita para impulsionar...
-
Chief Technology Officer
2 semanas atrás
São Paulo, Brasil Coretava Tempo inteiroAre you ready to ignite our #global presence? We’re on the lookout for adynamicChief Technical Officerto join our stellar Tech Team. If you’re fuelled by ambition, tech passion, and crave innovation, this is your chance to soar with Coretava!Join the cutting-edge, international force that is #Coretava! We specialise in elevating customer experiences...
-
Chief Technology Officer
2 semanas atrás
São Paulo, Brasil Coretava Tempo inteiroAre you ready to ignite our #global presence? We’re on the lookout for adynamicChief Technical Officerto join our stellar Tech Team. If you’re fuelled by ambition, tech passion, and crave innovation, this is your chance to soar with Coretava!Join the cutting-edge, international force that is #Coretava! We specialise in elevating customer experiences...
-
Business Information Risk Officer
2 semanas atrás
São Paulo, São Paulo, Brasil MSD Tempo inteiroJob DescriptionJob Summary: The Business Information Risk Officer for Human Health & Animal Health IT & Business is the divisional trusted ITRMS advisor responsible for fostering a strong culture of information risk management and security across the organization. They will provide best-in-class services and expertise to enable the business to operate in a...
-
Chief Risk Officer
4 semanas atrás
Região Geográfica Intermediária de São Luís, Brasil Mellifera Operations Limited Tempo inteiroAt Mellifera, we are pioneers in transforming business processes. With our cutting-edge technology and deep expertise, we offer innovative solutions that streamline operations, boost productivity, and elevate overall performance. We are committed to pushing the boundaries of what's possible in the business world. As the Chief Risk Officer at Mellifera...
-
Senior Information Security Engineer
Há 6 dias
São Paulo, São Paulo, Estado de São Paulo, Brasil JP & F Consultoria Tempo inteiroLead or participate in ensuring the stability of security products designed for the Unix/Linux platform and helping connect tools and processes. Understand business processes and requirements and then provides consulting and solutions design to enable risk mitigation across the UNIX/Linux distributed platform Provide security consulting on medium projects...