Director, Cyber Security and Chief Information Security Officer
The AZEK Company
This position can be based at our headquarters office in Chicago, IL, or our manufacturing complexes in Wilmington, OH and Scranton, PA.
The AZEK Company (www.azekco.com) is a $1 Billion and growing industry-leading manufacturer of beautiful, low-maintenance, and environmentally sustainable building products, with a focus on decking and outdoor living. Consistently recognized as the market leader in innovation, quality and aesthetics, products across AZEK’s portfolio are made from up to 100% recycled material and primarily replace wood on the outside of homes, providing a long-lasting, eco-friendly and stylish solution to consumers. We are committed to accelerating the use of recycled material in the manufacturing of our innovative products, keeping millions of pounds of waste out of landfills each year and revolutionizing the industry to create a more sustainable future. In June 2020, we completed a highly successful IPO (NYSE: AZEK).
We are committed to providing a diverse, equitable and inclusive workplace where diversity of all kinds is sought out, valued, respected and appreciated. We are building and promoting a culture where everyone feels empowered to bring their full, authentic selves to work. It fuels our innovation, drives operational excellence and is a source of our competitive differentiation, while connecting us closer to our customers and the communities we serve.
Position Summary:
AZEK is seeking a Director, Cyber Security and Chief Information Security Officer. In this role you will be responsible for overseeing the company's Information Security program. As the CISO, you will be responsible for the development, implementation, and management of the company's Information Security strategy, policies, and procedures. You will be expected to lead a team of security professionals and service providers. You will collaborate with key stakeholders across the organization to ensure that AZEK's security posture is effective and compliant with applicable regulations and standards.
Your primary duties and responsibilities will be:
- Develop and implement the company's Information Security strategy, policies, and procedures that integrate business priorities and risk.
- Establish and maintain a comprehensive security program to safeguard the company's assets, including confidential data, intellectual property, and other sensitive information.
- Demonstrate in-depth industry knowledge and cyber best practices when defining AZEK’s security initiatives.
- Evaluate and manage security risks to the organization, including cyber threats, data breaches, and other security incidents. This includes the use of security assessments and information controls testing.
- Ensure compliance with applicable regulations and standards, including SOX 404, NIST CSF, NIST 800-171, HIPAA, GDPR, and other applicable security and data privacy laws.
- Manage relationships with third-party vendors and contractors to ensure that their security practices align with AZEK's standards.
- Lead security incident response and investigation efforts, including root cause analysis, partners and stakeholders, decision criteria, communication protocols, escalation paths, and remediation planning.
- Collaborate with IT teams to ensure that security measures are integrated into the company's infrastructure and systems.
- Report program status through an intentionally designed set of standard metrics.
- Develop and deliver security awareness training to all employees and stakeholders.
- Partner with the Enterprise Risk team to evolve disaster recovery and corporate crisis response.
We believe the successful candidate will have:
- At least 10 years in senior risk management and progressive security roles. Experience scaling a security program in a growing organization is preferred.
- Bachelor's Degree in an Information Technology discipline. MBA preferred. As with all positions at AZEK, a satisfactory combination of education and professional experience will be considered.
- Passion for security as demonstrated by certifications (e.g., Security+, Network Security, CISA, CFE, OSCP, CISSP, and CISM) and continual learning.
- Significant experience leading incident response requiring escalation up to and including the Board of Directors.
- Executive presence and strong leadership skills with team-player attributes.
- Ability to deliver results in a fast-paced environment with competing and changing priorities.
- Strong verbal and written communication skills, with an open and direct communication style.
- Ability to influence and coach management and leadership teams.
Core Competencies:
- Action Orientation
- Drive for Results
- Business Acumen
- Problem Solving
- Ethics and Values
- Vendor Management