Brown-Forman Global Director - IT Security and Governance in Louisville, Kentucky
Scope: The Global Director of Information Technology Security and Governance is responsible for assessing current cyber security capabilities, quantifying risk, and developing strategies for protecting Brown-Forman’s applications, assets and systems globally. They are responsible for advancing Brown-Forman’s IT security roadmap as well as revising it as needed.
This position also directs the Quality Assurance & Governance functions which are responsible for leading quality testing, managing the change control process and overseeing our IT Sarbanes Oxley compliance.
Responsibilities and Competencies:
Responsible for identifying, assessing, and developing information technology security strategies across the enterprise, including all web-based applications. These risks include, but are not limited to: regulatory compliance, information security, disaster recovery, project risks and responses to IT audits.
Strong background or knowledge in information security management principles, SAP application security implementation methodologies, role-based access controls, distributed systems administration, identity management, and distributed system recovery.
Provides direction on enterprise security architecture and framework, including appropriate safeguards and controls.
Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in the business and IT). This includes hiring, training, staff development, performance management and annual performance reviews.
Reviews work of security engineers, analysts and specialists, provides feedback on assigned tasks and assists with more complex activities.
Understands security trends and practices to lead/direct corporate security strategy.
Understands testing methodology to assure overall quality of technical deliverables including release management concepts, change control and testing methodologies and practices.
Annually review information security policies and procedures and perform a gap analysis against the company's adopted policies/guides, changes and updates.
Guides and manages information security investigations including incident management, attack and penetration, disaster recovery, etc.
Serves as the process and control owner for global SAP Security related IT controls
Develops, plans, and communicates compliance remediation progress to a variety of internal and external audiences, including internal and external auditors, the corporate management team, and vendors.
Promotes the use of IT risk management tools, such as information security metrics, to ensure consistent measurement and reporting of risk across business units. Has the ability to manage risk with the necessary controls.
Develops/Manages the implementation and monitoring of SAP role designs to ensure achievement of security outcomes that are sustainable and effectively control risks.
Guides, refines and implements quality assurance/testing strategy for the Information Technology Department.
Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Bachelor’s Degree in Business Administration, Computer Science or related field and 10-15 years progressive experience in Information Systems including testing practices and methodologies
10+ years of experience in the development and implementation of security strategies and processes for medium to large scale business systems.
Demonstrated IT security experience with SAP ECC 6.0 (R/3), Business Intelligence, Customer Relationship Management, Enterprise Portal, Supply Chain Management.
Proven ability to create organizational vision, mission, goals and objectives for the company wide security practice.
HIPAA, Sarbanes-Oxley and other privacy related understanding.
Proven ability to effectively communicate ideas and solutions across all levels of the corporation, including system users, senior management, technical personnel and consultants.
Proven ability to lead, manage and develop a team of IT security professionals
Demonstrated knowledge of emerging trends in information security user provisioning, regulatory requirements, implementing security policies, standards, procedures, education and awareness programs and methodologies.
Demonstrated knowledge of quality assurance and testing strategies and activities.
Experience interacting with internal and external audit functions required
5+ years IT security experience with SAP ECC 6.0 (R/3), Business Intelligence, Customer Relationship Management, Enterprise Portal, Supply Chain Management.
Familiarity with Project and Program Management (PPM) processes and tools preferred
Experience with formal communications to corporate and divisional management preferred
Professional certifications (CISA, CISM, CISSP) preferred.
Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.
Business Area: Global Information Technology
Req ID: JR-00001579