VP IT Information Security & Audit

Overview

The Vice President Information Security & Audit is a senior IT leadership role responsible for protecting the company’s information assets, technology platforms, and digital operations. Reporting to the Chief Information Officer (CIO), this role provides strategic direction, governance, and operational oversight for enterprise cybersecurity, information security, data privacy, and IT audit functions.

As a member of the IT Leadership Team, this role partners closely with business and technology leaders to enable growth, innovation, and operational excellence while managing cyber risk in an always‑on manufacturing environment.

Our company enjoys a modern technology stack, including SAP HANA on Microsoft Azure for ERP and Microsoft-based platforms for data, analytics, collaboration, and security.

• Define and execute the enterprise cybersecurity and information security strategy aligned with business objectives and risk tolerance.
• Protect enterprise systems, networks, applications, cloud platforms, and operational technology (OT) environments from cyber threats.
• Oversee security architecture and controls for SAP on Azure and Microsoft-based data and analytics platforms.
• Lead threat detection, incident response, vulnerability management, and security operations, leveraging internal capabilities and third‑party partners.
• Establish and maintain security standards, policies, procedures, and technical controls across the enterprise.
• Partner with Infrastructure, Applications, Data & Analytics, and OT teams to embed security into system design and operations.

• Own the enterprise privacy and data protection program, ensuring compliance with applicable privacy and data protection laws and regulations.
• Develop and maintain policies and processes for data classification, data handling, retention, and protection.
• Partner with Legal, HR, and business leaders to manage privacy risk related to customer, consumer, employee, and supplier data.
• Oversee privacy risk assessments, third‑party privacy reviews, and incident response related to data privacy events.

• Lead the IT controls and audit function, including internal IT audits, controls testing, and coordination with internal and external auditors.
• Ensure the effectiveness of IT general controls (ITGCs) supporting financial reporting, operational resilience, and regulatory compliance.
• Own and employ technology risk management practices, including risk assessments, remediation tracking, and executive reporting.
• Support enterprise risk management (ERM) initiatives by providing cybersecurity and technology risk insights.

• Lead and develop a high‑performing team across cybersecurity, information security, privacy, and IT audit disciplines.
• Manage a hybrid delivery model with several security and audit functions provided by trusted third‑party partners.
• Set clear goals, performance expectations, and development plans for team members.
• Manage departmental budgets, vendor relationships, and service‑level expectations.

• Serve as a trusted advisor to the CIO and IT leadership team on cybersecurity, privacy, and technology risk matters.
• Regularly report on cybersecurity posture, risk levels, incidents, and compliance status to executive leadership.
• Establish and maintain governance forums, metrics, and dashboards to support informed decision‑making.
• Stay current on emerging threats, regulatory changes, and industry best practices relevant to food manufacturing and global supply chains.

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field; or equivalent experience.
• 15+ years of progressive experience in cybersecurity, information security, IT risk, or audit roles.
• Proven experience leading enterprise security programs in complex, regulated environments.
• Strong understanding of cloud security, particularly Microsoft Azure and SAP landscapes.
• Experience managing third‑party security providers, MSSPs, and audit partners.
• Demonstrated ability to communicate complex technical and risk concepts to executive and business audiences.

• Advanced degree (MBA, MS in Cybersecurity, or similar).
• Relevant certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
• Experience in manufacturing, food & beverage, consumer packaged goods, or industrial environments.
• Familiarity with OT/ICS security and plant‑floor technology risks.
• Exposure to AI use cases related to IS

• Occasional travel to corporate offices, manufacturing locations, and key vendors as needed.