LyondellBasell (NYSE: LYB) is one of the world's largest plastics, chemical and refining companies and a member of the S&P 500. LyondellBasell (www.lyondellbasell.com) manufactures products at 55 sites in 17 countries. LyondellBasell products and technologies are used to make items that improve the quality of life for people around the world, including packaging, electronics, automotive parts, home furnishings, construction materials and biofuels.

Basic Function
We are looking for a strong, inspirational, and effective leader who will deliver on the relentless execution of our global strategy as well as the development of the people that enable this company to achieve these goals. The position oversees a talented team of ~18 employees, along with outsourced partners for incident response, threat management, information and digital asset protection, digital forensics, information security governance, compliance, and security awareness.
The Director of Information Security reports directly to the enterprise Director of Cybersecurity, working with executive management to determine acceptable levels of risk for the organization. This role is part of the global leadership team with direct accountability for LYB's global digital security and information security risk management program. The successful candidate should be expert at understanding and articulating the impact of digital security on business processes and be able to communicate this at all levels of the organization. The successful candidate will work with business and manufacturing partners to implement practices, policies, and standards for information security.

Roles & Responsibilities
- Create and implement a strategy for the deployment and development of information security technologies, policies, standards, and practices to secure protected and sensitive data and digital assets
- Create and implement a strategy for information security governance, risk management, audit support, awareness, and compliance programs to ensure ITS services remain in compliance with internal and regulatory security policies and standards
- Serve as primary control point during significant information security incidents, convening a Security Incident Response Team (SIRT) as needed
- Serve as the process owner of the assurance activities for compliance related to:
  - confidentiality, integrity, and availability;
  - protection, privacy, and recovery of information;
  - governance processes such as change, supplier risk, and disaster recovery
- Champion and educate the organization's staff about the latest security risks, strategies, and technologies
- Regularly report and advise on best practices and information security strategies to senior company leadership on evolving risks, the state of the digital security controls, and the portfolio of security projects
- Participate as an active member of the CIO's global leadership team helping to drive strategy
- Develop and implement ITS business continuity plans to ensure continuous service if the disaster recovery plan is triggered (infrastructure/systems events, security breach, or other disruptions)
- Partner with legal and human resource officers in conducting investigations, preparing situational reports, and tracking remediation plans in connection with information security incidents and breaches
- Manage digital security vulnerability, technical, and risk assessments to continuously assess current digital security practices and systems
- Manage the Security Operations Center to detect, respond, and contain internal and external attacks across the enterprise
- Provide authoritative approval of new solutions and technology supporting project governance processes
- Maintain a comprehensive component level understanding of the company's systems, data flows, applications, technologies, security controls, threats, weaknesses, and countermeasures
- Manage relationships with security suppliers, experts, and advisors to ensure that initiatives meet policy, standards, and risk acceptance profiles
- Establish and implement information security standards and criteria for hardware, software, firmware, access controls, supply chain, third party solutions, and encryption
- Effectively manage the annual information protection operating and investment budget
- Bachelor's degree in Cyber Security, Computer Science, or related discipline required
- Significant experience (15+ years) in a high-transaction, services-oriented, multinational, and intercultural business
- 5 or more years of experience as CISO or in a similar role for a global commercial operation
- Strong leadership experience in information security within a large, complex, fast paced, and dynamic company
- Direct experience in the areas of systems administration, applications development, database administration, network operations, and data center operations
- Experience securing various deployment strategies such as Managed Hosting, Infrastructure-as-a-Service (Azure), Platform-as-a-Service (Salesforce), Software-as-a-Service (Concur), etc.
- Strong 'service provider' and 'business partner' orientation. A visible, collaborative, and accessible leader to both the ITS organization and the rest of the company
- Deep experience with security frameworks (e.g. ISO 27000, CIS Critical Security Controls, Responsible Care, CFATS, NIST Framework for Improving Critical Infrastructure Cybersecurity, SOX, and HIPAA/HITECH)
- Expertise in compliance/governance controls development and validation, information system auditing including computer security reviews, control selection, and evaluation of systems risk
- Expertise in computer forensic investigation methodology and investigation tools to collect, analyze, and preserve electronic evidence
- Proven record of delivering business-critical projects with challenging time frames, multiple stakeholder groups, and competing priorities
- Proven experience evaluating and managing cyber security risk of third parties; proven understanding of information security risk assessment and risk management procedures and methodologies
- Ability to correlate enterprise risk with appropriate administrative, physical, and technical security controls
- Strong knowledge of information security principles, standards, practices, and technologies
- Considerable experience leading transformational change within technology organizations and our business partners
- Ability to travel 35 percent, domestically and internationally
- Proven leadership ability
- Demonstrated executive presence and influence, ability to build client relationships and create client satisfaction throughout the project lifecycle
- Ability to set and manage priorities judiciously
- Budget planning and management
- Excellent written and oral communication skills
- Excellent interpersonal skills
- Ability to articulate ideas to both technical and non-technical audiences
- Exceptionally self-motivated and directed
- Superior analytical, evaluative, and problem-solving abilities
- Exceptional service orientation
- Ability to motivate in a team-oriented, collaborative environment
- Experience managing and building relationships with external auditing vendors, including statement of work, resource and business scheduling, and finding negotiations
- Nimble and decisive with a demonstrated entrepreneurial approach to business process, balancing control with flexibility, procedure with simplicity, and willingness to innovate and change while creating an environment of rigor and discipline
- Master's degree
- Certified Information Systems Security Professional (CISSP)
- Working knowledge of an ERP system (e.g., SAP)
Must be at least 18 years of age and must be legally authorized to work in the United States (US) on a permanent basis without visa sponsorship.
LyondellBasell does not accept or retain unsolicited résumés or phone calls and/or respond to them or to any third party representing job seekers.
LyondellBasell is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, veteran status, and other protected characteristics. The US "EEO is the Law" poster is available on request.
Nearest Major Market: Houston