Perdue Farms is a family-owned food and agriculture company now in its second century of growth and innovation. We were founded on trust—a value that carries through everything we do. Perdue Foods is a leader in Premium Proteins and Perdue AgriBusiness ranks among the top US grain companies.
Summary
The Director of Cybersecurity Risk Management plays a critical role in leading Perdue’s enterprise cyber risk program in managing and reducing cyber risk while enabling strategic IT and business outcomes. In this role you will oversee a team leading and building out our cybersecurity risk practice, security assessments, third party risk, control frameworks, policies, standards, and reporting metrics. The ideal candidate will be an experienced risk professional, with strong knowledge of multiple cybersecurity domains, industry frameworks (e.g. NIST CSF, 800-53) and industry and regulatory requirements (e.g. SOX, HIPAA, PCI, CCRA). As a thought leader you will provide strategic input into our multi-year roadmaps, cyber risk strategy, and advise IT and business stakeholders on cyber risk.
This position is based at corporate headquarters in Salisbury, MD.
The salary range for this position is $143,000 - $215,000 per year, based on experience and qualifications with annual bonus available (variable depending on performance).
In addition to the base salary, Perdue offers a competitive benefits package, including medical/Rx, 401(k) with employer match after 1 year, critical illness, accident insurance, dental, vison, life insurance, optional group life insurance, short-term and long-term disability protection, flexible spending accounts and paid time off.
Principal And Essential Duties & Responsibilities
- Reporting directly to the CISO, this role will help mature the cybersecurity governance, risk, and compliance program, including build out of the program and three-year roadmap.
- Leading the development and implementation of a comprehensive cybersecurity frameworks (NIST CSF) and benchmarking maturity targets.
- Lead the development and implementation of comprehensive cybersecurity policies, standards, and procedures, ensuring they are current, relevant, and communicated effectively across the organization.
- Leading a team to develop comprehensive security assessments to identify, assess, and prioritize cybersecurity risks that include risk mitigation strategies with IT and business teams.
- Oversee build-out of GRC platform and capabilities for tracking of risk and compliance (e.g. risk register, risk documentation, risk acceptance, asset classification, etc.)
- Manage and oversee third party cyber risk program, partnering with key technical and business stakeholders (Procurement, Legal, Enterprise Risk, etc.), to ensure cyber protections, resilience, and contractual provisions in our vendor and supplier operations and agreements.
- Develops metrics and reporting to track performance of cybersecurity program as well as prioritize risk and develop a risk-informed strategy for addressing current gaps and future threats.
- Partner with Internal Audit on addressing the assessment of internal controls, findings, and SOX / ITGC compliance.
- Evaluate cyber trends and compliance requirements to ensure organizational efficiency and alignment with the overall cybersecurity mission, vision, and strategy.
- Conduct bi-annual cyber maturity assessment to assess progress against desired level and industry targets.
- Provide governance for DR planning and cyber resilience.
- Stay abreast of evolving cybersecurity threats, regulations, and industry best practices.
Minimum Education And Experience
BS degree in Business, Information Security, Management Information Systems or related major, and at least 10 years of experience in cybersecurity with a minimum of five (5) years demonstrated expertise in cybersecurity governance, compliance, and third-party risk management. Must have proven leadership experience with at least 5 years’ experience managing cross-functional teams or projects. Must have In-depth knowledge of IT security governance and operations, including creating and implementing security frameworks, policies, and procedures
The ideal candidate will also have:
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), etc.
- Strong understanding of risk management principles and compliance requirements related to cybersecurity.
- Experience with various industry regulations and frameworks (PCI, HIPAA, Privacy Laws, ISO27001/2, NIST CSF, etc.)
- Experience with GRC tools such as Service Now, Archer, etc.
- Experience developing, tracking, and reporting on KPIs/KRIs for reporting and status updates.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
- Strong verbal and written communication skills, with the ability to effectively communicate complex cybersecurity and IT issues to non-technical stakeholders.
- Experience in coordinating work across multiple functions and be adept at building consensus across organizational and functional lines.
- Strong analytical, including data mining, analysis, trending, problem solving and project management skills.
- Thorough understanding of cyber threats and vulnerabilities.
- Excellent leadership and team management skills.
Environmental Factors And Physical Requirements
- Position is mostly sedentary but may require occasional moving to other offices or buildings.
- May need to move light equipment or supplies from one place to another.
- May need to access files, supplies and equipment.
- Work activity is in an office, open-partitioned, cubicle environment.
Perdue Farms, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.