Senior Manager, Information Security Risk Management
Miami, FL 
Posted 10 days ago
Job Description
At World Kinect, our employees are the key to our global success. We are industry leaders due to the innumerable talents of our approximately 5000 strong professional team. Our people thrive in an entrepreneurial and culturally-diverse environment, where innovative thinking, collaboration and efficient execution are highly valued. Our high-performance culture is what allows us to drive sustained growth. Stronger together, we promote an environment where individuals can thrive.

This is a senior manager-level leadership role with supervisory responsibility. This position has formal responsibility for the work products (timing, budget, quality, completeness) of their team. The position provides guidance and technical/business expertise and adds measurable value through planning, coordination and/or communication. These work products include:

  • Set the vision and direction of the information security governance, risk, & compliance program at World Fuel Services
  • Assist the Chief Information Security Officer with the definition and implementation of policies and procedures related to information security, security monitoring, data loss prevention, and other security-related domains
  • Contribute independently and lead the Information Security Governance, Risk, & Compliance team in generating ideas and process improvements, looking for creative solutions and better ways of doing things to continuously improve information security at WFS
  • Make appropriate, timely and effective decisions that support the company and its business
  • Drive information security governance, risk, & compliance activities, which include but are not limited to policy and standards development; information security and compliance control assessment; cybersecurity metrics & reporting; third party risk management program; and security awareness, training, & education program
  • Monitor the compliance of Information Security programs, policies, procedures, and systems to satisfy company policy, regulatory, and compliance requirements and to protect the company's technology and informational assets
  • Define information security Key Risk Indicators for the organization to mitigate as necessary and Key Performance Indicators to monitor operational performance
  • Work with domain architects to ensure IT and Cybersecurity architecture/designs, plans, controls, processes, standards, policies, and procedures are appropriately aligned with IT standards and overall IT and Information Security policies and best practices
  • Promote information security awareness by developing, maintaining, and delivering information security awareness programs together with Corporate Training.
  • Represent information security considerations in approved System Development Life Cycle, Change Management, Production Support and technology-enabled projects.
  • Support the cause of Information Security throughout the company by actively participating as advisor to senior IT Management.
  • Monitor changes in the technical, legal and regulatory arenas affecting Information Security, and alert management accordingly.
  • Prepare and publish Information Security reports as directed by management.

Requirements

The incumbent has in-depth knowledge and expert status in one or several key areas of expertise that is central to the company's success. The position knows how their discipline interrelates with other parts of the company.

The following technical experience is highly recommended:

  • Experience in all facets of integrated security governance, risk, and compliance management
  • Experience defining and employing security-related policies and procedures that effectively address vulnerabilities and maintain operational stability
  • Experience using GRC (Galvanize, RSAM, etc.) and third party risk management (Galvanize, OneTrust, Prevalent, etc.) tools is a must
  • Experience performing risk assessments
  • Experience leading, developing, and establishing best practices in a security program and risk function.
  • Expert knowledge of security compliance mandates such as Payment Card Industry (PCI-DSS), ISO 27001, and CMMC
  • Experience with mapping and reporting security programs against NIST Cybersecurity Framework, Secure Controls Framework, and Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is highly desired.

The position requires the following management skills and experiences:

  • Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion), and planning skills
  • Strong verbal and written communication skills
  • Strong negotiation, mediation, and influencing skills
  • Maturity, reliability, composure and stability under pressure
  • Ability to adapt to new situations, people, ideas, procedures and to accommodate a constantly evolving work environment
  • Strong communication skills and experience working with senior leadership: role must communicate effectively with Senior Executives in departments including Legal, Internal Audit and Human Resources, as well as M&A staff.
  • Build successful relationships with customers, co-workers, internal audit and executive management
  • Good listening skills and patience with others

The following credentials, licenses, and/or degrees are desired but not required if appropriate experience exists:

  • CISSP: Certified Information Systems Security Professional
  • CISM: Certified Information Security Manager
  • CISA: Certified Information Systems Auditor
  • GSLC: GIAC Security Leadership Certification
  • CASP+: CompTIA Advanced Security Practitioner+
  • B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technical field

World Kinect is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
World Fuel Services is an Equal Opportunity Employer (EOE) committed to workplace Diversity.

 

Job Summary
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: Open