Director, Information Security

Graphic Packaging International, LLC, a wholly-owned subsidiary of Graphic Packaging Holding Company (NYSE: GPK), is committed to providing consumer packaging that makes a world of difference. Headquartered in Atlanta, Georgia, we are a leading global provider of paper-based packaging solutions for a wide variety of products to food, beverage, foodservice and other consumer products companies. We are one of the largest producers of folding cartons and hold a leading market position in solid unbleached sulfate, coated unbleached kraft and coated recycled paperboard. Graphic Packaging’s customers include some of the most widely recognized companies in the world.

We achieve our vision by delivering value to our customers, building a high-performance culture for our employees, creating superior returns for our shareholders, and being an environmentally responsible leader in our industry and in the communities where we operate.

Graphic Packaging has approximately 17,000 employees working in more than 60 locations in North and South America, Europe and the Pacific Rim. We are committed to workplace diversity and offer compensation and benefit programs that are among the best in the industry to reward the talented people who make our company successful. We invite you to review the following employment opportunity and to learn more about us at www.graphicpkg.com.

MISSION / SUMMARY:

Reporting to the Senior Director, Global Infrastructure (CTO), the Director, Information Security (CISO) will be responsible for

• Maintaining a safe and secure operating environment for GPI; leading the development of information security strategies, conducting security assessments, and implementing security solutions to assist businesses with the assessment and improvement of GPI’s security infrastructure.

JOB FUNCTIONS: Job functions include, but are not limited to the following.

• Oversight of security operations delivery across multi-supplier service lines, across Global IT
• Establishes system safeguards by directing disaster preparedness development; conducting preparedness tests.
• Develop security awareness by directing development of orientation and training programs; counseling business units.
• Advise senior management by identifying critical security issues; recommending risk-reduction solutions.
• Partner with various internal company departments to provide internal security consulting for various corporate initiatives.
• Conduct forensic analysis of corporate assets to provide Management, Human Resources, Legal, or others (as approved) with requested information to address business continuance and/or litigation needs.
• Process security questionnaires submitted by potential company partners or company clients
• Manage continuous improvement process of security operations
• Act as the single point of accountability across Global IT for security
• Provide the policies and processes across Global IT for Information Security
• Oversee relationship with Managed Security Service Providers (MSSPs)
• Responsible for security monitoring metrics and trending for actionable patterns including pushing knowledge base articles to the Global Help Desk to allow remote incident remediation where applicable
• Drive process improvement to continually improve service and reduce costs
• Collaborate with engineering management teams to ensure proper deployment and monitoring of new security technologies and cloud enablement as GPI continues to evolve in that space
• Extend current security operations management governance model to a global footprint in partnership with other IT leaders in the organization.
• Perform root cause analysis, future prevention / risk mitigation on critical security incidents
• Establish and maintain an effective security incident response, notification and escalation process working closely with other leads in the IT Service Management teams
• Engage third level support and vendor system engineers as necessary to participate in problem response and root cause determination of security incidents
• Accurately assess business impact & create action plans for remediation of security related events
• Work with the compliance team and vendors to ensure SOX evidence for internal & external audit.
• Ensure regulatory compliance with regional, national & international data privacy regulations
• Be a part of the Strategic Architecture Review Team (S.T.A.R.T) in providing guidance in the area of new technology enablement to ensure technology platform is managed for risk mitigation
• Provide guidance to development teams to ensure the appropriate level of secure code scans are performed prior to implementing code into the production environment.

BACKGROUND / EDUCATION/ EXPERIENCE:

• Bachelor’s degree in computer science, information security or related field of study.
• CISSP, GIAC, or CISM certifications are preferred
• 18+ years of experience in working across and in a IT Service organization
• Solid Information Security background, including information and cyber security assessment, risk analysis, privacy, data protection, regulatory frameworks, as well as risk and security architecture and demonstrated experience in leading cyber incident response
• Strong knowledge of the NIST cyber security framework
• 10+ years of experience managing cyber security practices including conducting security audits for both custom built and 3rd party applications
• Demonstrable experience running security education programs across development and infrastructure teams and across business units as a whole
• Deep expertise in firewall, system, operating system configuration management, patching, anti-virus, and network security architectures
• Strong knowledge of information security threats, vulnerability management, and countermeasures and associated operational best practices
• Ability to manage multiple projects simultaneously that involve key stakeholders across a complex organization.
• Strong knowledge of compliance and validation within an effective and secure desktop solution based on GPI’s needs
• 5-7 years of experience in leading a Global IT Security organization
• Strong communication skills with the next level of leadership
• Ability to work in a virtual team environment across global time zones
• Ability to pull and analyze data for helping drive continual operational improvement
• Experience in a manufacturing environment desired
• Extensive knowledge of a heterogeneous IT environment including multi-vendors

Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee’s or applicant’s race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law. Click here to view the EEO is the Law Poster.

Required Skills

Required Experience