Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for leading and directing the global information security strategy, policy, and program for the organization. This role involves safeguarding the company's information assets, managing risks, and ensuring compliance with relevant regulations across all regions in which the company operates. The CISO will collaborate closely with the CIO, legal, privacy, and business leaders, as well as senior management, IT staff, internal and external auditors, and other stakeholders to update and enhance the existing security plan based on evolving business dynamics.
This position also involves overseeing global security architecture, engineering, and operations; managing and maturing the Governance, Risk, and Compliance (GRC) team; organizing and leading the Executive Security Council; ensuring compliance with global regulatory requirements; and continuously improving the organization's security posture while maintaining financial and operational efficiency.
Essential Functions
· Update and Implement Security Strategy: Refine and execute a global information security strategy that adapts to business dynamics and aligns with the organization's objectives and regulatory requirements across all regions, incorporating cybersecurity frameworks such as ISO 27001 and COBIT for IT-related risks and IT governance. Focus on improving the organization's overall security posture while balancing financial and operational efficiency.
· Global Security Architecture and Engineering: Lead the development and implementation of global security architecture and engineering strategies to protect the organization's information assets. Oversee the design, deployment, and management of security technologies and controls worldwide, including cloud security, AI & ML security, and data privacy, ensuring solutions are both effective and cost-efficient.
· Global Security Operations: Direct the global security operations to ensure effective monitoring, detection, response, and recovery from security incidents. Implement and oversee advanced security monitoring systems and tools across all regions, optimizing for both security and cost-effectiveness.
· Oversight of Global GRC Team: Provide strategic oversight and management of the Governance, Risk, and Compliance (GRC) team, ensuring its maturation and alignment with the organization's global security objectives. Develop and enhance the GRC function to ensure effective governance, risk management, and compliance practices globally, while maintaining operational efficiency. Leverage metrics and share them with cybersecurity and senior leaders to make data-driven decisions.
· Third-Party Risk Management: Formalize and mature the third-party risk management program by establishing a comprehensive framework to evaluate, monitor, and manage risks associated with third-party vendors and partners across all regions. Ensure ongoing risk assessments, compliance reviews, and continuous improvement of third-party security practices, with a focus on minimizing costs and maximizing security.
· Regulatory Compliance: Manage and address compliance with NIS2 and other global regulatory requirements, including but not limited to GDPR, CCPA, and industry-specific standards. Oversee efforts to achieve and maintain CTPAT certification and any other relevant certifications globally, while ensuring efficient use of resources.
· Policy and Compliance: Maintain, enforce, and update global information security policies, standards, and procedures to ensure compliance with current laws, regulations, and industry standards in all regions. Strive for policies that enhance security while promoting operational and financial efficiency.
· Incident Response: Lead the global incident response team in identifying, investigating, and responding to security breaches and incidents. Regularly update and maintain an incident response plan that addresses regional and global considerations, ensuring rapid response capabilities with minimal impact on business operations and costs.
· Executive Security Council: Organize and lead the Executive Security Council, ensuring cross-functional and regional alignment on security priorities, strategies, and risk management. Facilitate regular meetings and provide guidance to senior leaders and board members on global security-related matters, balancing risk reduction with cost management.
· Security Metrics and Reporting: Oversee and enhance global security monitoring systems. Develop and implement security metrics to measure and report on the status of the global information security program. Provide regular updates to senior management and board members on security posture improvements, risks, incidents, and compliance with global regulatory requirements.
· Security Awareness: Foster a culture of security awareness across the global organization through ongoing training programs and communication initiatives, ensuring programs are both impactful and cost-effective.
· Collaboration: Collaborate closely with IT, legal, privacy, compliance, and business units to integrate security practices into organizational processes and projects on a global scale, emphasizing efficiency and cost-effectiveness.
· Auditor Collaboration: Work closely with internal and external auditors to support audits, address findings, and ensure that security controls are effectively designed, implemented, and maintained.
· Monitoring and Reporting: Oversee and enhance global security monitoring systems. Provide regular updates and reports to senior management on the status of the global information security program, focusing on both security posture improvements and cost management.
· Budget Management: Develop and manage the global information security budget, ensuring efficient allocation and use of resources across all regions, and optimizing for financial efficiency without compromising security.
· Vendor Management: Evaluate and manage relationships with global security vendors and service providers to ensure alignment with the organization's security objectives and cost-effectiveness.
· Other duties as assigned.
Education and Experience
· Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master’s degree or relevant certifications (e.g., CISSP, CISM, CISA) is preferred.
· A minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
· Technical Skills: In-depth knowledge of information security principles, practices, and technologies. Experience with security frameworks such as NIST and knowledge of how to apply and implement them in a security program.
· Leadership: Proven ability to lead and manage a diverse, global team of security professionals, including security architecture, engineering, and operations. Strong decision-making, problem-solving, and project management skills.
· GRC Oversight: Demonstrated experience in overseeing and maturing a Governance, Risk, and Compliance (GRC) function as a strategic owner on a global scale.
· Collaboration: Demonstrated experience in working closely with legal, privacy, business leaders, and internal and external auditors across different regions to ensure security practices align with organizational goals.
· Executive Council Leadership: Experience organizing and leading cross-functional executive committees or councils to drive security strategy and alignment globally.
· Regulatory Compliance: Experience managing compliance with NIS2, GDPR, CCPA, and other global regulatory requirements, including maintaining certifications such as CTPAT.
· Third-Party Risk Management: Proven experience in developing, implementing, and maturing a third-party risk management program, including conducting assessments and managing vendor relationships to mitigate risks globally.
· Communication: Excellent verbal and written communication skills. Ability to articulate complex security concepts to board members and non-technical stakeholders across different regions.
· Analytical Skills: Strong analytical and critical thinking abilities. Experience in conducting risk assessments and vulnerability testing.
· Ethical Standards: High level of integrity and ethical standards in managing sensitive information.
Environmental, Health, Safety, & Security (EHS&S) Requirements
· Avient integrates EHS&S into all aspects of our operations. Each position at Avient is responsible for complying with all applicable EHS&S requirements. Additionally, employees and management are responsible for reporting all EHS&S incidents immediately to ensure we keep EHS&S a priority within the organization.
Security includes physical security and cyber security.
Who We Are
Avient Corporation provides specialized and sustainable material solutions that transform customer challenges into opportunities, bringing new products to life for a better world. Examples include:
· Dyneema®, the world’s strongest fiber™, enables unmatched levels of performance and protection for end-use applications, including ballistic personal protection, marine and sustainable infrastructure and outdoor sports
· Unique technologies that improve the recyclability of products and enable recycled content to be incorporated, thus advancing a more circular economy
· Light-weighting solutions that replace heavier traditional materials like metal, glass and wood, which can improve fuel efficiency in all modes of transportation and reduce carbon footprint
· Sustainable infrastructure solutions that increase energy efficiency, renewable energy, natural resource conservation and fiber optic / 5G network accessibility
Avient employs approximately 10,000 associates and is certified ACC Responsible Care®, a founding member of the Alliance to End Plastic Waste and certified Great Place to Work®. For more information, visit www.avient.com.
Why Avient
Avient Corporation is a world-class sustainable organization built on innovation, collaboration, and employee development. We are committed to providing a supportive and dynamic work environment where our diverse associates can grow and succeed, as well as positively impacting our planet and the communities we serve. Our Great Place to Work culture, values, and benefits make Avient an employer of choice for top talent.
We believe diversity of ideas and backgrounds gives us the creativity to be successful in a rapidly changing world. In support of this, we stress equality of opportunity for all qualified individuals in accordance with applicable laws. Decisions on hiring, promotion, development, compensation or advancement are based solely on a person’s qualifications, abilities, experience and performance.
Avient Corporation is a drug free workplace. Avient is an equal opportunity employer. We maintain a policy of non-discrimination in providing equal employment to all qualified employees and candidates regardless of race, sex, sexual orientation, gender identity, age, color, religion, national origin, disability, genetic information, protected veteran’s status, or other legally protected classification in accordance with applicable federal, state and local law.