Dir, Enterprise IT Security and Compliance - Valent North America
Company: Valent U.S.A. Corporation
Location: San Ramon, CA 94582
Description:
About Us:
Valent North America LLC is the shared services organization of Valent U.S.A. LLC and Valent BioSciences LLC, which are part of the Valent group of companies. As a wholly owned subsidiary of Sumitomo Chemical Co., Ltd., Valent North America unites the corporate Finance, Human Resources, Information Technology, Legal, and Environmental Health & Safety functions to maximize service delivery practices across the Valent group of companies.
Valent U.S.A. engages in the development, registration, sales, and marketing of integrated technological solutions for crop production and pest management that deliver value for customers and stakeholders. Valent BioSciences is a worldwide leader in the research, development, manufacturing, and commercialization of biorational products for the agriculture, public health, and forest health markets. Sumitomo Chemical is one of Japan's leading chemical companies, offering a diverse range of products globally that support a wide variety of industries and help enhance people's daily lives.
General Description:
This role will be responsible for implementing and managing the enterprise information security and IT compliance office for the Valent Group Companies. You will be involved in identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to the CIO and senior leadership team across the Americas. It requires visionary leadership with sound knowledge of enterprise-wide cybersecurity technologies and the broader digital ecosystem.
This role is responsible for establishing and maintaining the information security program and compliance policies to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected.
Principal Responsibilities:
- Responsible for leading Enterprise IT security and internal IT compliance functions according to the NIST CSF and Sarbanes-Oxley standards.
- Review, update, implement, and automate IT security policies, protocols, and processes.
- Leads the information security function across companies to ensure consistent and high-quality information security management supporting the business goals.
- Governance - Create a 3-5-year roadmap for cybersecurity to improve maturity and infrastructure and continue to identify and track cyber risks.
- Secure - leverages various tools to protect its networks (Tanium, Palo Alto, CrowdStrike, etc.).
- Vigilant - regular vulnerability scanning and penetration testing exercises that are conducted internally and externally by third parties.
- Resilient - strides towards building a strong Incident Response Framework that manages, communicates, and remediates security incidents.
- Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives and ensures senior stakeholder partnership.
- Works with the parent company Sumitomo Chemical, the RHQ (North American regional headquarters), and the South American SCC companies to implement and adhere to overarching company policies and internal IT controls.
- Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
- Works effectively with business units to facilitate information security risk assessment and risk management processes and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite.
- Directs security activities and assessments with key 3rd party security partners and develops the responses, the remediation, and ongoing adherence from those reports.
- Manages the information security program to analyze cyber-security information and utilize said information to enhance the overall security posture of the enterprise.
- Provides real-time analysis of immediate threats, and triage in the event of a security breach.
- Works closely with Information Technology and vendor management teams in providing timely security reviews & assessments to potential technologies being considered by the organization.
- Ensures IS program features are regularly tested throughout the year (i.e., pen-testing, phishing tests, etc.).
- Performs activities and reviews projects/programs which minimize the risk of data loss or breaches (i.e., user access reviews, security patch management, Single-Sign On (SSO), etc.).
- Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversees the approval and publication of these information security policies and practices.
- Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Manages and contains information security incidents and events to protect corporate IT and group company assets, intellectual property, regulated data and the organization's reputation.
- Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
- Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.
- Facilitates and supports the development of asset inventories, including information assets in cloud services and for other interested parties in the organization's ecosystem.
Skills & Experience
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
- Strategic leader and builder of both vision and bridges and able to energize the appropriate teams in the organization
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
- Excellent stakeholder management skills
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Project management skills: financial/budget management, scheduling and resource management
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
Education & Qualifications:
- Bachelor's or master's degree in computer science, information systems, business administration, related field, or equivalent work experience.
- CISSP, CISM, CCSP, or SSCP certification.
- Strong understanding and experience of implementing SOX (Sarbanes-Oxley) and internal IT compliance policies globally.
- 10+ years of practical IT Security work experience with direct knowledge surrounding enterprise security technologies such as SSO, Privileged Access Management systems, Next-gen firewalls, VPN, Intrusion Prevention Systems (IPS/IDS), content filters, Endpoint Security systems, AV, and similar technologies.
- Advanced hands-on knowledge of information security principles and practices, including the following: National Institute of Standards & Technology (NIST) CSF, security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
- Demonstrated knowledge of IS areas, such as authentication, encryption, logging, monitoring, vulnerability management and assessment
Physical Demands and Work Environment (OFFICE Position)
The physical demands and work environment characteristics described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical Demands include constant sitting, walking, standing, simple grasping and fine manipulation with hands; frequent bending at the neck and waist; and occasional squatting, climbing, kneeling, crawling, twisting at the neck and waist, power grasping, pushing and pulling with hands, reaching above shoulder level, lifting and carrying up to 25 lbs.
Work Environment includes exposure to or working in or around equipment and machinery including a computer keyboard and mouse.
Frequency Definitions: Occasional = Up to 25%
What We Offer:
You'll enjoy competitive compensation, consisting of base pay plus an incentive program available to all eligible full-time employees, and a comprehensive benefits package including high-quality healthcare options, 401k matching, life and disability insurance, generous time off (with time off to volunteer) and much more! Additionally, we offer several Flexible Work Arrangements to support a healthy work-life balance.
We work together to power our sustainable future. Here's what drives us: Valent North America LLC has a strong commitment to both sustainability and corporate social responsibility (CSR). In fact, being a responsible corporate citizen has been ingrained in our culture since the company's founding. Today, it remains at the forefront of everything we do.
Valent North America LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation and/or identity, national origin, citizenship, immigration status, disabilities, or protected veteran status.