Senior Director, Information Security

E2open is the connected supply chain platform that enables the world’s largest companies to transform the way they make, move, and sell goods and services. We connect more than 400,000 partners as one multi-enterprise network. Powered by the network, data, and applications, our SaaS platform anticipates disruptions and opportunities to help companies improve efficiency, reduce waste, and operate sustainably. Our employees around the world are focused on delivering enduring value for our clients.

Senior Director, Information Security
DEPARTMENT: R&D InfoSec
BUSINESS UNIT: Corporate

REPORTS TO: SVP InfoSec

Direct Reports: Yes

POSITION OVERVIEW

E2open is seeking a Senior Director of Information Security to join our team. This role will be responsible for managing and leading Security Operations, Secure SDLC, Defense in depth architecture, Artificial intelligence security, cyber security initiatives, Security controls, application security testing, customer engagement on security and vulnerability management initiatives.

The Senior Director of Information Security will provide leadership to the Information Security team.  The role is responsible for maintaining and expanding E2open’s cybersecurity program and implementing security controls. Senior Director must collaborate with global cross functional groups and understand current and future risks to improve the Information Security Management System (ISMS)

RESPONSIBILITIES

• Define and drive an Information Security Roadmap program to improve the security posture at all levels of the organization, including key initiatives such as Defense in depth security architecture, Data Loss Prevention, Email Encryption, Privileged Access Management, AI security and Active Directory Remediation
• Drive and provide regular reporting on the status of the information security program to senior business leaders as part of a strategic enterprise risk management program.
• Lead SOC and provide clear risk mitigating directives for operations and projects with components in IT, including mandatory application controls.
• Develop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled and/or processed by the organization.
• Develop and enhance an up-to-date information security management framework.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase information security maturity.
• Ensure that security is embedded in the project delivery process by providing appropriate information security policies, practices, and guidelines.
• Oversee technology dependencies outside of direct organizational control and the creation of alternatives for managing risk.
• Manage and contain information security incidents and events that protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Coordinate the development of implementation of incident response plans, customer communications and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas.
• Other tasks and activities as assigned

QUALIFICATIONS AND EXPERIENCE:

• Proven track record and experience in leading and developing information security controls, security architecture, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Extensive experience with hybrid infrastructure with an extensive cloud ecosystem required.
• 12+ years of progressive IT experience in a combination of Risk Management, Compliance or IT roles.
• At least 6 years must be in a leadership role in Information Security.
• Knowledge of applicable industry rules (ISO27001, GDPR, PCI, SOX, etc.), and expertise in entity controls and audit best practices.
• Risk management experience with proven ability to effectively apply risk principles to challenging business situations.
• Impeccable executive presentation and communication skills.
• Excellent influencing and problem resolution skills.
• Experience documenting business processes or technical procedures.
• Security Certifications such as CISSP and CISM are encouraged.
• Undergraduate degree in Business, Organizational management, MIS or Computer Science preferred.
• Exceptional interpersonal verbal and written skills in English.
• Very high level of initiative, self-confidence, energy, and personal integrity
• Quick learner, pragmatic and ability to adapt to multiple tasks.

E2open is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

E2open participates in the E-verify program in certain locations, as required by law.

E2open does not accept unsolicited referrals or resumes from any source other than directly from candidates or preferred vendors. We will not consider unsolicited referrals.