Chief Information Security Officer

Elevate Textiles is seeking an experienced and dynamic Chief Information Security Officer (CISO) to lead and shape the information security strategy for our global operations. The CISO will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will oversee the overall security of our digital and physical assets, safeguarding critical business data, intellectual property, and ensuring compliance with applicable laws and regulations. The CISO will work directly with the business units to facilitate risk assessment and risk management processes, develop and manage the security team to implement the strategy for enterprise security, and oversee the development and implementation of security policies, standards, procedures, and guidelines. The ideal candidate will have a strong background in both IT and cybersecurity, with an ability to work across multiple regions and manage risk in a complex, fast-paced manufacturing environment.

Key Responsibilities:

• Strategy & Governance:




• Lead the development, implementation, and management of a comprehensive information security strategy to protect the company's data, networks, and systems.

• Develop and implement an information security strategy aligned with the organization's goals and objectives.
• Establish governance frameworks, policies, and procedures to manage information security risks effectively.
• Collaborate with shared services leadership and business leadership to set security priorities, allocate resources, and integrate security into business processes.

• Cybersecurity Risk Management:




• Identify, assess, and mitigate risks associated with cybersecurity, ensuring the organization's information is protected from cyber threats.

• Identify, assess, and mitigate information security risks across the organization.
• Develop and maintain a comprehensive risk management program, including regular risk assessments and audits.
• Ensure compliance with regulatory requirements and industry standards, such as GDPR, HIPAA, NIST, and ISO/IEC 27001.

• Policy Development:




• Develop and enforce information security policies, procedures, and standards that align with business objectives and industry best practices.




• Incident Response & Management:




• Oversee incident response activities, ensuring that security breaches are swiftly handled and that any vulnerabilities are remediated.

• Lead the development and implementation of an incident response plan to address security breaches and cyber threats.
• Coordinate with internal and external stakeholders to manage and mitigate the impact of security incidents.
• Oversee post-incident analysis and make recommendations for improving security posture.

• Compliance & Audits:




• Ensure compliance with data protection laws, regulations, and standards (such as GDPR, ISO 27001, NIST) in all regions where the company operates.
• Lead regular security audits and assessments.
• Secure appropriate services to maintain compliance with standards (cybersecurity insurance, appropriate legal services, etc...)




• Collaboration:




• Work closely with cross-functional teams (IT, legal, compliance, HR) and senior executives to integrate security into the fabric of the organization's culture.




• Security Awareness:




• Drive awareness and training programs across the company, ensuring employees and stakeholders are educated on the latest cybersecurity risks and best practices.
• Conduct phishing exercises, tabletops, and other events to promote security awareness and assist in training




• Third-party Risk Management:




• Evaluate and manage the cybersecurity posture of third-party vendors, partners, and contractors to ensure the company's data and systems remain secure across its entire supply chain.

Qualifications:

• Education:




• Bachelor's degree in Computer Science, Information Security, or equivalent experience is preferred.
• Relevant certifications (e.g., CISSP, CISM, CISA, or equivalent) or advanced degrees are desirable.




• Experience:




• A minimum of 10 years in information security and IT risk management, with at least 5 years in a senior leadership role.
• Experience in global manufacturing environment is a plus.
• Proven track record in building and scaling cybersecurity programs and teams.
• Strong understanding of current cybersecurity threats, trends, and technologies.

• Strong knowledge of information security principles, technologies, and regulatory requirements.
• Excellent communication, leadership, and project management skills.

• Skills:




• Expertise in security architecture, threat intelligence, incident management, data encryption, and firewalls.
• Knowledge of regulatory requirements and frameworks like GDPR, ISO 27001, PCI-DSS, and NIST.
• Ability to communicate complex security issues in clear, business-focused terms to non-technical stakeholders.
• Strong project management, organizational, and problem-solving skills.
• Proficiency in risk management methodologies and best practices.

• Proven track record of successfully managing information security programs in a complex, multi-faceted organization.
• Ability to think strategically and translate business objectives into effective security measures.
• Experience with cloud security, data protection, and emerging technologies.
• Strong analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Collaborative mindset, with the ability to work effectively with diverse teams and stakeholders.

Preferred Skills:

• Experience in managing information security for multinational companies.
• Familiarity with security solutions specific to manufacturing environments.
• Knowledge of cloud security platforms and remote workforce management.