Sr Director, Information Security
We’ve been in the car business for more than 150 years, starting with the invention of the world’s first motor oil. Today, we’re a global leader in automotive services and lubricants, driven every day by a people-centered focus on innovation and service excellence.
As we often say, it starts with all of our people — and that’s where you come in. We’re looking for humble, hungry and smart people to help us power the future of mobility. If you’re looking for a collaborative and flexible work environment that invests in your growth and success, you’ve come to the right place.
Careers for the Driven
Valvoline has a rewarding opportunity as a Sr Director of Information Security. We whole-heartedly adopt a ‘never idle' mindset. We also know that outstanding service begins and ends with our employees. So, we’re looking for good people to join our team. You bring your skills, talents and drive. We will give you a great place to work, a competitive salary and benefits, and the resources and support to develop and advance within our global company.
*Valvoline World Headquarters is located in Lexington, KY and we encourage local candidates to apply. We are also open to candidates working remotely with some travel to Lexington required.
How You’ll Make an Impact
The Senior Director of Information Security is responsible for leading and driving all information security activities at Valvoline. Reporting to the Vice President of Information Technology, the role will work cross-functionally with the other members of the IT leadership team and business stakeholders to ensure development of and alignment to established security standards, policies and procedures. The individual will serve as the primary strategic leader for information security efforts. In the role, you would be responsible for:
- Setting the mission and vision of the organization's information security assets, procedures, policies, and standards to foster a business-oriented culture leading a team delivering security architecture, incident detection and response, compliance, and identity and access management
- Creating and managing a unified control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations, such as Sarbanes-Oxley, PCI DSS, and CCPA. Ensure organizational programs comply as appropriate
- Developing, implementing and monitoring a strategic, comprehensive enterprise information security and IT risk management program, working with IT and business stakeholders to implement information security policies, standards and guidelines following the CIS Top 18, NIST or other accepted
- Defining and building partnerships with internal and external partners for providing investigation, incident response support and other services as identified
- Providing regular reporting on the current status of the information security program to senior IT and business leaders
- Monitoring the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action and lead development and maintenance of the enterprise Incident Response Plan
- Working directly with the business units to facilitate IT risk assessment and risk management processes, evaluating and providing recommendation for risk mitigation and insurance policies for cybersecurity, and create and manage information security and risk management awareness training
- Overseeing facilitation of internal and external evaluation and audit of applicable controls, policies, and standards. Facilitating remediation of identified risk and deficiencies to reduce or eliminate applicable risk
- Researching new technologies, architectures, and security products that will support the future security objectives for the enterprise. Recommending, prioritizing, leading and coordinating implementation of Information Security technologies, tools and projects
- Other duties and responsibilities as determined by Valvoline from time to time in its sole discretion
What You’ll Need
- Bachelor’s Degree in Computer Science, Business Administration or IT-related field
- Minimum 10 years of experience in Information Security or in a technology related field.
- Minimum 5 years of leadership experience within IT.
- Strong vulnerability management background
- Good understanding of web applications, cloud architecture, network architecture
- Experience responding to or conducting audits
- CISSP-ISSMP, CISM, CISA or similar industry certifications
- Exceptional leadership skills, including the ability to supervise, lead, coach, motivate and work through others to achieve desired results
- Ability to build strong partnerships and effectively influence outside direct span of control
- Experience with budget planning and financial management
- Strong communication (oral and written), interpersonal and organizational skills
- Must demonstrable ability to successfully interact effectively with all levels in the organization
- High level of initiative and critical thinking to formulate business issues into analytical problems and devise actionable solutions
- In-depth knowledge of architecture, engineering, and operations SIEM and SOAR platforms.
- Understanding of mobile technology and OS (i.e. Android, iOS, Windows) and VMware technology
- Extensive experience in all Microsoft related products including operating systems, Active Directory, Office 365, Teams and SharePoint
- Experience with Perimeter Security systems and software (e.g., Firewalls, Intrusion Protection Systems, VPN)
- Experience implementing at least one of the following PAM solutions – CyberArk, Centrify, BeyondTrust, Thycotic, preferably vendor certified
- Application and statutory compliance such GDPR, SOX, and information security
- Must be authorized to work in the U.S.
What Will Set You Apart
- Retail / consumer experience
Benefits That Drive Themselves
- Health insurance plans (medical, dental, vision)
- HSA and flexible spending accounts
- Incentive opportunity*
- Life insurance
- Short and long-term disability insurance
- Paid vacation and holidays*
- Employee Assistance Program
- Employee discounts
- Tuition reimbursement*
- Adoption assistance*
*Terms and conditions apply, and benefits may differ depending on position.
Females and minorities encouraged to apply.
Valvoline provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Are you good at what you do? Join us.
The Company endeavors to make its recruitment process accessible to any and all users. Reasonable accommodations will be provided, upon request, to applicants with disabilities in order to facilitate equal opportunity throughout the recruitment and selection process. Please contact Human Resources at 1-800-Valvoline or email 1-800Valvoline@valvoline.com to make a request for reasonable accommodation during any aspect of the recruitment and selection process. The contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.