
SVP Information Assurance, Risk and Security


POST DATE 8/11/2016
END DATE 11/3/2016

Cobham Plc
Lansdale, PA

Job Classification: Full Time
Job Type: Mid-Career (2 - 15 years)


COBHAM is seeking an SVP INFORMATION ASSURANCE, RISK AND SECURITY who will establish and maintain a corporate-wide information assurance and security management program to ensure that information assets are adequately protected and that any change takes account of the risk to the ongoing integrity of that information. The role is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements and that aligns with and supports the risk posture of the enterprise. The role is required to assess the information assurance and risk posture of existing business activity, of any new or changed services introduced to the organization, and of any new customer or supplier service. The SVP will proactively work with business units and functions to implement practices that meet the defined policies and standards for information assurance and security, including corporate and, where applicable, customer-specific requirements. This position is located on either the east coast of North America or in the UK.


* Enhance and monitor a strategic, comprehensive enterprise information assurance, security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.

* Manage the enterprise's information security organization, consisting of direct reports and indirect reports and associated third parties. This includes hiring, training, staff development, performance management and annual performance reviews for employees and vendor assessments for third parties.

* Establish relationships with, and coach, individuals at smaller sites and entities on the requirements they must meet to maintain the company's overall information assurance security and risk posture.

* Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training and dissemination of security policies and practices.

* Create, communicate and implement a risk-based process for vendor information risk management, including the assessment and treatment of risks that may arise from partners, consultants and other service providers.

* Develop and manage information security budgets that acknowledge the risk profile of the organization, and monitor them for variances.

* Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.

* Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.

* Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors or audit committee as part of a strategic enterprise risk management program.

* Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.

* Develop and enhance an information security management framework based on ISO/IEC 27001, NIST guidance in support of DFARS compliance, Cyber Essentials and COBIT/Risk IT.

* Provide strategic risk guidance for IT projects and business projects, including the evaluation and recommendation of technical controls and procedures required to assess and maintain the information assurance and security position of any new service, application or product.

* Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures and local solutions.

* Coordinate information security and risk management projects with resources from the rest of the IT organization, the security partners and business unit teams.

* Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.

* Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

* Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.

* Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.

* Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.

* Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

* Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.

* Coordinate the use of external resources involved in the information security program.

* Develop and oversee effective disaster recovery policies and standards aligned with the goals of the enterprise business continuity management program. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered following a security event. Provide direction, support and in-house consulting in these areas.

* Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, support appropriate resource allocation, and increase the maturity of the security program.

* Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.

* International travel will be required to Cobham sites and where appropriate customer and supplier locations.


* Minimum of 10 years' experience in business, security or technology.

* Minimum of 8 years' experience in a leadership role.

* 4 years of leadership experience in risk management, information assurance, security and technology.

* Experience with information security management frameworks including ISO/IEC 27001, ITIL, COBIT, Cyber Essentials and NIST.

* Experience with legal and regulatory requirements including the Sarbanes-Oxley Act (SOX), DFARS, data protection and export compliance requirements in the countries in which Cobham operates.

* Experience operating in a highly regulated environment.

* Experience with developing implementable and manageable information security policies and procedures.

* Experience managing multiple services and projects under strict timelines to reduce the organization's risk position in a coherent and affordable manner.

* Experience leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

* Experience working within an organization that has entities operating under US government Special Security Agreements (SSAs).


* Experience within the defense and aerospace industry.

* Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

COBHAM'S values of Trust, Talent and Technology have driven us from our launch in 1934 by Sir Alan Cobham, an aviation innovator, to becoming a global leader in state-of-the-art aerospace and defense systems. And it's the insights of our innovators today, innovators like you, that will secure our collective future.

COBHAM is one of the world's leading companies engaged in the development, delivery and support of leading-edge aerospace and