Vice President - Chief Information Security Officer (CISO) - Chicago or New York

What makes this a great opportunity?

• Suntory Global Spirits is a world leader in premium spirits with $5.5 billion in annual revenues and an ambition to become the World’s Most Admired Premium Spirits Company. We have a strong vision and strategy, an incredible brand portfolio grounded in quality and craftsmanship, an unwavering commitment to sustainability and top talent across the organization. We are focused on driving value across key priorities including American whiskey, Japanese Spirits, Scotch, Tequila and Ready-to-Drink. Headquartered in New York City, Suntory Global Spirits is a subsidiary of Suntory Holdings, which is world renowned for delivering quality and excellence across a range of products and categories.

• This is an exciting opportunity to create and drive the Enterprise Security and Risk Management vision, implement best practices, and lead a critical global function that is key to our long-term growth and profitability

• Potential growth beyond this role to partner with Suntory Holdings and other subsidiaries to lead the definition and implementation of global security best practices

Role Responsibilities

Strategic Leadership and Stakeholder Management:

•    Actively engage with business stakeholders and Digital and Technology (D&T) team to create a strategic roadmap aligning with Suntory Global Spirits’ goals and risk appetite.

•    Identify technology solutions that meet business needs, as well as continue to protect our brand reputation and security risk across the enterprise network, manufacturing operational technology (OT) network and business applications including SAP and deliver it by collaborating with IT team and operationalize it for day to day.

•    Engage with external stakeholders, including regulators, insurance companies, partners, and customers, to promote transparency and trust in the organization’s cybersecurity posture.

Information Security Governance:

•    Manage the Information Security Committee as a governance body to get approval, make decision making, share the progress and so on.
•    Partner with IT, Engineering, Legal, and Internal Audit and other related business departments to design and implement security policies, protocols and vendor governance
•    Develop, implement and maintain corporate policies and procedures associated with technology usage and data sharing, usage and protection, encompassing both enterprise information and third-party data
•    Deploy a comprehensive security training and awareness program for the employees that emphasizes the individual's role and responsibility in corporate security and privacy
•    Lead vendor selection and management for cybersecurity partners

Risk Management:
•    Established the cybersecurity risk framework, incorporating standardized security/privacy assessments, to enable prioritization of conversations and drive decisions with executive leadership by information security steering committee.
•    Establish an iterative threat intelligence and detection program.  Identify and implement solutions for real time monitoring and predictive threat management.
•    Review technology architecture from a security point of view.
•    Continue to move the organization to proactive verses reactive threat management and scale response across the global organization
•    Prepare and present information security risks and roadmaps to the executive leadership and key stakeholders
•    Partner and enable outside advisors to perform risk assessments, tabletop exercises, forensics and threat intelligence

Incident Response and Recovery:

•    Develop and maintain an incident response plan to address cybersecurity incidents effectively and minimize business disruption.
•    Lead incident detection and response through the Security Operations Center, audit/risk compliance functions and the incident response team.
•    Ensure the organization is prepared to respond to and recover from cyber incidents, emphasizing resilience over prevention.
Team Development and Management:
•    Build and lead a high-performing cybersecurity team, fostering a culture of accountability and continuous improvement.
•    Collaborate with cross-functional teams to enhance cybersecurity capabilities and ensure alignment with business objectives
•    Actively engage and lead in the Suntory Holdings security network to drive the advancement of security practices group-wide
Innovation and Continuous Improvement:
•    Stay abreast of emerging cybersecurity trends, threats, and technologies, adapting the security strategy as necessary.
•    Lead sourcing, delivery and ongoing operations of new security technology approaches implementing next generation global information security services and solutions utilizing standard program management methodologies driving collaboration, integration and optimization of resourcing across the IT functions

Qualifications

•    Minimum of 10 years of experience in information security, with at least 5 years in a leadership role
•    Deep knowledge of information risk, security concepts, security operations and regulatory compliance requirements (e.g. NIST and SOX compliance)
•    Cross-platform expertise in cybersecurity, including Infrastructure, Manufacturing OT, Digital and SAP and business Application Security
•    Understanding of global privacy policies, procedures & experiences in translating to action (i.e. HIPPA, GDPR, CPPA)
•    Proven track record of developing and implementing successful cybersecurity strategies in complex environments
•    Proven track record implementing risk management programs and building collaborative working relationships across functions and partners
•    5+ years of experience interpreting complicated and / or ambiguous regulatory requirements in order to establish understandable and practicable requirements for the organization and staff
•    10+ years of experience in managing incident response/business continuity/disaster recovery, IT and cybersecurity audits, risk management, vulnerability assessments, penetration testing, etc.
•    10+ years of experience building and leading global teams in multiple countries and time zones
•    10+ years of experience leading and operating in a managed service, multi-partner/vendor environment
•    3+ years of experience delivering security and risk presentations to executive stakeholders and Board level
•    Certifications: Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
•    Travel less than 10% (if any)