Director, IT Global Security, Risk and Compliance
Listed on 2026-05-31
IT/Tech
Cybersecurity, IT Consultant, IT Project Manager, Information Security
Director, IT Cybersecurity
The Director, IT Cybersecurity is accountable for establishing and maintaining an enterprise information risk management program to ensure Mosaic information assets are adequately protected. Additional responsibilities include developing security policies, standards, and guidelines; working with business leaders to facilitate IT risk assessments and identifying acceptable levels of residual risk; managing security incidents and events; and directing security and risk management projects.
Provide work direction to the team as well as timely and constructive feedback to ensure employees have a clear understanding of their work, roles, business goals and performance standards. Manage performance issues when necessary. Develop and coach employees to retain and grow organizational talent. Support employees in their career development at Mosaic.
- Lead, develop and coach IT security employees to retain and expand organizational talent through focused attention and effort, and provide timely feedback on a regular basis.
- Manage performance issues when necessary.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation.
- Actively monitor security alerts, advisories and exploits, assess risk and lead Mosaic teams toward an appropriate response.
- Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.
- Create and manage an information security and risk management awareness training program for all employees, contractors and approved system users.
- Work directly with Mosaic business leaders to facilitate IT risk assessment and risk management processes and work with stakeholders across the enterprise to identify acceptable levels of residual risk.
- Work with external and internal audit on Mosaic IT controls audits.
- Provide strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
- Direct information security and risk management projects with resources from the IT organization and business representatives.
- Develop and implement an enterprise information security and IT risk management program aligned with ISO 27001, NIST CSF and other applicable standards and frameworks via a common control framework.
- Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
- Work with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures.
- Bachelor’s degree required, major in Information Technology, Business Management, Computer and Information Science, or related field.
- Master’s degree preferred.
- 10+ years of Information Technology experience required.
- Regulatory and Risk Management experience required.
- Sarbanes‑Oxley Act (SOX) experience required.
- Policy Development knowledge required.
- At least one active certification required: Certified Information Systems Security Professional (CISSP) – (ISC)², Certified Information Systems Auditor (CISA) – ISACA, or Certified Information Security Manager (CISM) – ISACA.
- Project Management Professional (PMP) – PMI preferred.
- Advanced in AI Security Management (AAISM) preferred.
- Information Technology Infrastructure Library (ITIL) preferred.
- Attractive base salary plus annual incentive.
- 11 paid holidays each year.
- 401(k) with company match and annual company contributions.
- Paid sick leave.
- Robust benefits package including Medical, Dental, and Vision insurance.
- Growth opportunities within Mosaic.