Brown-Forman Jobs

Job Information

Brown-Forman Global Director - IT Security and Governance in Louisville, Kentucky

Scope: The Global Director of Information Technology Security and Governance is responsible for assessing current cyber security capabilities, quantifying risk, and developing strategies for protecting Brown-Forman’s applications, assets and systems globally. They are responsible for advancing Brown-Forman’s IT security roadmap as well as revising it as needed.

This position also directs the Quality Assurance & Governance functions which are responsible for leading quality testing, managing the change control process and overseeing our IT Sarbanes Oxley compliance.

Responsibilities and Competencies:

  • Responsible for identifying, assessing, and developing information technology security strategies across the enterprise, including all web-based applications. These risks include, but are not limited to- regulatory compliance, information security, disaster recovery, project risks and responses to IT audits.

  • Strong background or knowledge in information security management principles, SAP application security implementation methodologies, role based access controls, distributed systems administration, identity management, and distributed system recovery.

  • Provides direction on enterprise security architecture and framework, including appropriate safeguard and controls.

  • Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in the business and IT). This includes hiring, training, staff development, performance management and annual performance reviews.

  • Reviews work of security engineers, analysts and specialists, provides feedback on assigned tasks and assists with more complex activities.

  • Understands security trends and practices to lead/direct corporate security strategy.

  • Understands testing methodology to assure overall quality of technical deliverables including release management concepts, change control and testing methodologies and practices.

  • Annually review information security policies and procedures and perform a GAP analysis to company's adopted policies/guides changes and updates.

  • Guides and manages information security investigations including incident management, attack and penetration, disaster recovery, etc.

  • Serves as the process and control owner for global SAP Security related IT controls

  • Develops, plans, and communicates compliance remediation progress to a variety of internal and external audiences, including internal and external auditors, the corporate management team, and vendors.

  • Promotes the use of IT risk management tools, such as information security metrics, to ensure consistent measurement and reporting of risk across business units. Has the ability to manage risk with controls necessary.

  • Develops/Manages the implementation and monitoring of SAP role designs to ensure achievement of security outcomes that are sustainable and effectively control risks.

  • Guides, refines and implements quality assurance/testing strategy for the Information Technology Department.

  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

Must Experience:

  • Bachelor’s Degree in Business Administration, Computer Science or related field and 10-15 years progressive experience in Information Systems including testing practices and methodologies

  • 10+ years of experience in the development and implementation of security strategies and processes for medium to large scale business systems.

  • Demonstrated IT security experience with SAP ECC 6.0 (R/3), Business Intelligence, Customer Relationship Management, Enterprise Portal, Supply Chain Management.

  • Proven ability to create organizational vision, mission, goals and objectives for the company wide security practice.

  • HIPAA, Sarbanes-Oxley and other privacy related understanding.

  • Proven ability to effectively communicate ideas and solutions across all levels of the corporation, including system users, senior management, technical personnel and consultants.

  • Proven ability to lead, manage and develop a team of IT security professionals

  • Demonstrated knowledge of emerging trends in information security user provisioning, regulatory requirements, implementing security policies standards, procedures, education and awareness program and methodologies.

  • Demonstrated knowledge quality assurance and testing strategies and activities.

  • Experience interacting with internal and external audit functions required

Preferred Experience:

  • 5+ years IT security experience with SAP ECC 6.0 (R/3), Business Intelligence, Customer Relationship Management, Enterprise Portal, Supply Chain Management.

  • Familiarity with Project and Program Management (PPM) processes and tools preferred

  • Experience with formal communications to corporate and divisional management preferred

  • Professional certifications (CISA, CISM, CISSP) preferred.

Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.

Business Area: Global Information Technology

City: Louisville

State: Kentucky

Country: USA

Req ID: JR-00001579

Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.

Accommodations available upon request including an Interpreter.

Applicants to and employees of this company are protected under Federal law from discrimination on several bases. Follow the links below to find out more.

EOE Minorities/Females/Protected Veterans/Disabled/ Sexual Orientation & Gender Identity

DirectEmployers