Information Security Manager EMEA

You will be responsible for managing IT Security for Europe, the Middle East, and Africa (EMEA). Following enterprise IT Security standards you will be responsible for safeguarding the integrity, availability, and confidentiality of International Paper’s information resources, assets, and data throughout EMEA. You will lead or support global security initiatives in cooperation with enterprise IT Security.

You will have the opportunity to lead the EMEA operations of a large, global enterprise in Information Security – one of the most critical and dynamic IT disciplines. You will work with colleagues and vendors around the globe to help protect the company’s information from a wide array of evolving threats, while working to communicate the importance of effective security practices with business stakeholders in terms that non-IT users can understand. Besides working with a great team of security professionals, the broad reach of Information Security ensures that the successful candidate will develop through interaction with experts across other IT functions (telecommunications, client and server platforms, packaged and custom applications, etc.) as well as a variety of process areas (legal, HR, sourcing, corporate communications, etc.). All of this will take place at the Global Business Services Center of one of the best and most respected companies in our industry, committed to our employees, our customers, and operational excellence.

• Coordinate activities through indirect staff and other outside resources

• Represent EMEA in all IT security functions ensuring that EMEA-specific issues are included in enterprise IT Security’s 3-5 year IT Security Strategy and Governance Plan

• Ensure that IP’s IT security policy, standards, guidelines, and procedures are implemented in EMEA, supporting ongoing administration of the IT Security Vulnerability Management process

• Complete EMEA risk assessments in accordance with the enterprise IT Security Vulnerability/Risk Assessment Process and assist on others as available

• Assist in the creation of action plans (or documented mitigating controls) to address the vulnerabilities identified

• Serve as the main EMEA contact for all Computer Incident Response Team (CIRT) response plans, coordinating all response actions for EMEA and communicating progress back to the CIRT leader.You will also assist in investigation of IT security breaches and with any associated disciplinary and legal matters

• Work with internal and external auditors, and with key partners to minimize the frequency and impact of IT security incidents

• Validate the EMEA IT infrastructure for technical and procedural compliance with enterprise IT security policies and standards

• Assist in reviewing the risk exception inventory to ensure documented policy exceptions have been completed

• Contribute to the creation of enterprise IT security policies, serving as the subject matter expert for EMEA

• Translate IT security risks into business terms and communicate them to senior management.

• Recommend approaches for circumventing, mitigating, and overcoming IT security risks, understanding the ‘customer’s’ needs and weighing the overall risk against the cost of business

• Maintain up-to-date knowledge of the latest IT security products and techniques

• Report regularly to enterprise IT Security and ITSS management, report on status of IT security with a focus on EMEA operations

• Report on IT security metrics as defined by enterprise IT Security

• Bachelor’s or Master’s Degree in Computer Science or MIS or equivalent

• 4-5 years of IT security experience preferred

• Team management experience would be an asset

• Extensive knowledge of IT security, including IT security frameworks, disciplines, principles, and technologies on multiple platforms

• Experience working with ISO 17799

• Experience designing and implementing both technical IT security solutions and IT security programs

• Knowledge and understanding of IT security vulnerability/risk assessment methodologies

• Extensive knowledge of reviewing, assessing, and auditing for system or process vulnerabilities

• Broad experience of IT security best practices

• Familiarity with current audit, legal, and regulatory requirements in EMEA and North America, including Sarbanes-Oxley requirements

• Demonstrate excellence in written and verbal communication skills at Technical and Management levels

• Fluent English is a must

• Knowledge of additional language (French, Italian, Polish, Spanish, Turkish, Russian) would be an asset