Requisition ID: 812608
Position: Full-Time
We are EssilorLuxottica, a global leader in the design, manufacture and distribution of ophthalmic lenses, frames and sunglasses. The Company brings together the complementary expertise of two industry pioneers, one in advanced lens technologies and the other in the craftsmanship of iconic eyewear, to create a vertically integrated business that is uniquely positioned to address the world’s evolving vision needs and the global demand of a growing eyewear industry.
With over 180,000 dedicated employees in 150 countries driving our iconic brands, our people are creative, entrepreneurial and celebrated for their unique perspectives and individuality. Committed to vision, we enable people to “see more and be more” thanks to our innovative designs and lens technologies, exceptional quality and cutting-edge processing methods. Every day we impact the lives of millions by changing the way people see the world.
Our portfolio of more than 150 renowned brands spans various categories, from frames, lenses and instruments to brick-and-mortar and digital distribution, as well as mid-range to premium segments. Our Shared Services Team accompanies and enables others within the EssilorLuxottica collective to achieve their targets. They keep people and projects running smoothly, ensuring every part of our business is provided for and well taken care of.
GENERAL FUNCTION
The Director of Information Security reports to the EssilorLuxottica CISO and is responsible for governance, policy management, threat detection and prevention strategy and initiatives, and the risk management program, including vendor oversight and contract validation.
MAJOR DUTIES AND RESPONSIBILITIES
- Responsible for aligning IS programs with corporate initiatives.
- Responsible for a strategic competence for the company in the areas of security, availability, confidentiality, processing integrity, and privacy.
- Develops IS policies, standards and provides oversight of information security operations management.
- Responsible for coordinating IS initiatives with IT, Legal, Procurement, Operations and Privacy stakeholders.
- Manages audit, risk management, client/contractor/vendor negotiations, and cyber security management.
- Partners with finance to establish IS budgets and forecasting.
- Manages IS compliance team and performs on-site audits.
- Collaborates with outside experts to build compliance framework and create backlog to help engineering prioritize required changes.
- Reviews new vendor contracts to validate they meet security standards and evaluates Information and IT Security related topics in contract negotiations.
- Establishes standards and processes, trains development teams on the importance of security and reliability standards, and instills appropriate security methodology into the development and test processes (e.g. OWASP or similar).
- Works with outside experts to prepare for audits, manages the internal audit response process, and works with the necessary teams to remediate.
- Ensures the development, testing and implementation of appropriate security plans, products and control techniques. Helps identify protection goals, objectives and metrics consistent with the corporate strategic plan.
- Collaborates with IT & Business to develop continuity and disaster recovery plans.
- Maintains information on security compliance frameworks and audit status that is shared with customers and prospects at any point in the sales lifecycle.
- Drives security awareness training including education modules for employees and global phishing testing to improve awareness of risks to employees.
- Manages the global PCI DSS annual compliance program to ensure that the company maintains compliance.
BASIC QUALIFICATIONS
- Bachelor’s degree in information assurance, management information systems, computer science, a similar information technology degree, or equivalent work experience.
- Minimum 3 years of experience in IT or IS and compliance.
- Minimum 5 years of management/director/executive experience.
- Understanding of and experience with the major standards (SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST, etc.) required.
- Experience managing typical enterprise security & intrusion detection systems and services.
- Experience with engineering and IT to assess the current security and compliance posture, identify key gaps, and lead efforts to develop incremental plans to reach those goals.
PREFERRED QUALIFICATIONS
Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related.
BENEFITS/INCENTIVE INFORMATION
Employee pay is determined by multiple factors, including geography, experience, qualifications, skills and local minimum wage requirements. In addition, you may also be offered a competitive bonus and/or commission plan, which complements a first-class total rewards package including health benefits, PTO, 401K, paid family leave, tuition reimbursement, and eyewear discounts.
Upon request and consistent with applicable laws, EssilorLuxottica will provide reasonable accommodations to individuals with disabilities who need assistance in the application and hiring process. To request a reasonable accommodation, please call the Luxottica Ethics Compliance Hotline at 1-888-887-3348 (be sure to provide your name and contact information so that we may follow up in a timely manner) or email HRCompliance@luxotticaretail.com.
We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, national origin, social origin, social condition, being perceived as a victim of domestic violence, sexual aggression or stalking, religion, age, disability, sexual orientation, gender identity or expression, citizenship, ancestry, veteran or military status, marital status, pregnancy (including unlawful discrimination on the basis of a legally protected pregnancy or maternity leave), genetic information or any other characteristics protected by law. Native Americans receive preference in accordance with Tribal Law.