VP, Cybersecurity & Information Risk

Jazwares

$150K — $200K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 15+ years in information security, with a minimum of 5 years in senior leadership (CISO/VP level) at a similar organization.
  • Experience with publicly reporting companies, including SEC compliance and SOX ITGC obligations.
  • Strong expertise across security domains: operations, incident response, engineering, GRC, IAM, and data protection.
  • Proven ability to present cybersecurity risks to Boards and Audit Committees.
  • Experience in crisis management during significant security incidents.
  • Leadership experience in complex, multi-geographical IT and supply chain environments.
  • Bachelor's degree in Computer Science or Information Security, advanced degree preferred; CISSP required.

Responsibilities

  • Develop and maintain the enterprise information security strategy aligned with industry frameworks.
  • Chair the Information Security Steering Committee to influence cross-functional security decisions.
  • Manage the enterprise security risk register; present risk posture to Audit and Risk Committees quarterly.
  • Establish and enforce a comprehensive Information Security Policy framework.
  • Develop an incident response plan to effectively manage security incidents and minimize impact.
  • Oversee the 24/7 Security Operations Center and manage security tooling for efficient operations.
  • Own the data protection strategy, including encryption standards and compliance with data privacy regulations.

Benefits

  • 100% company-paid basic medical insurance for employees and their children.
  • 401(K) retirement program with company matching up to 4%.
  • Short and long-term disability insurance.
  • Tuition reimbursement for continued education.
  • Flexible work schedule with a remote work option on Fridays and up to 20 remote workdays a year.
  • Opportunity to volunteer for community service for 16 hours a year as part of Jazwares Cares.
Full Job Description
As the Vice President of Cybersecurity & Information Risk (CISO), you will report directly to the EVP of Global IT with a dotted line to the Audit Committee. In this executive role, you are responsible for establishing and executing the enterprise information security strategy, protecting critical global infrastructure, and ensuring full compliance as a wholly-owned subsidiary of a public reporting entity. You will hold primary accountability for meeting SEC cybersecurity disclosure rules, SOX ITGC requirements, and global data privacy regulations. Additionally, you will lead the security governance of enterprise AI adoption, a rapidly evolving domain with material implications for data protection, regulatory compliance, and operational risk.

What You Will Do
  • Develop and maintain the enterprise information security strategy and roadmap, aligned to the NIST Cybersecurity Framework (CSF 2.0), CIS, other relevant industry frameworks (e.g., ISO 27001), and the company's risk appetite as defined by the Board. Continuously evaluate and update the strategy to address emerging threats and technologies.
  • Chair the Information Security Steering Committee, convening business unit leaders, Legal, Internal Audit, and Finance to govern cross-functional security decisions
  • Conduct risk assessments and maintain the enterprise security risk register; present risk posture and material risks to the Audit Committee and Risk Committee on a quarterly basis
  • Establish and enforce the Information Security Policy framework, including acceptable use, data classification, third-party risk, and incident response policies
  • Develop and manage an incident response plan and tabletop exercises to respond to and recover from security incidents swiftly and effectively, minimizing the impact on the organization.
  • Establish disaster recovery and business continuity plans to ensure the availability and integrity of critical systems and data.
  • Own the cybersecurity budget, including capital planning, managed services contracts, and tooling rationalization
  • Establish and own the enterprise AI security and acceptable use framework, covering employee GenAI tools, embedded AI in SaaS, and any custom AI/ML deployments
  • Oversee the 24/7 Security Operations Center (SOC), including hybrid internal/managed service delivery model, SIEM, EDR, and threat intelligence platforms
  • Own and exercise the Incident Response Plan; serve as executive decision-maker for material security incidents, including coordination of external forensics, legal counsel, law enforcement, and public disclosure
  • Lead tabletop exercises and red team/purple team programs; ensure findings drive measurable improvements to detection and response capability
  • Manage cyber threat intelligence program, ensuring actionable intelligence informs both operational response and strategic risk discussions
  • Own the enterprise GRC program, including risk assessments, control mapping, exception management, and audit liaison
  • Lead the annual SOX ITGC program in coordination with Internal Audit, ensuring timely completion, appropriate evidence, and effective remediation of control deficiencies
  • Maintain and mature the Third-Party Risk Management (TPRM) program, covering vendors, 3PLs, carriers, and technology providers across the global supply chain
  • Manage internal compliance activities such as phishing campaigns, the security awareness program (including AI-specific user education), and user access reviews
  • Set strategic direction for the IAM program, including Zero Trust architecture, privileged access management (PAM), identity governance, and multi-factor authentication across enterprise and OT/warehouse environments
  • Ensure access controls meet SOX segregation of duties requirements across ERP, WMS, and financial systems
  • Oversee identity programs for complex workforce segments including warehouse floor workers, mobile/remote employees, and third-party logistics partners
  • Own the enterprise vulnerability management program, including CVE tracking, risk-based patching SLAs, and penetration testing program
  • Maintain a dotted-line relationship with the SVP of Enterprise Applications, Data & Digital to embed security into the software development lifecycle (SDLC), CI/CD pipelines, and vendor application deployments
  • Oversee application security reviews for material system changes, M&A integrations, and new technology deployments
  • Set strategic direction for the Network Security program, including Zero Trust architecture.
  • Oversee the design and enhancement of secure network infrastructure and systems (Security Architecture).
  • Manage communication security, covering internal and external information transfer and access from outside networks.
  • Oversee and manage the execution of endpoint, network, and cloud security.
  • Lead the security architecture review process for all major technology initiatives to ensure alignment with the enterprise security strategy and regulatory requirements.
  • Rationalize the security tooling and technology stack for cost efficiency and maximum control effectiveness.
  • Establish and maintain engineering standards and best practices for security controls across all environments.
  • Manage and oversee the implementation and integration of security tools and platforms (SIEM, EDR, threat intelligence, IAM, GRC, etc.) to optimize Security Operations Center (SOC) efficiency, automated incident response, and other security capabilities.
  • Own the data protection strategy including encryption standards, data loss prevention (DLP), and data classification framework
  • Serve as executive sponsor for data privacy compliance (GDPR, CCPA/CPRA), working closely with Legal and the Privacy Officer where applicable
  • Manage data breach response procedures including regulatory notification timelines and internal escalation protocols
  • Design and oversee the enterprise security awareness and training program, including phishing simulations, mandatory annual training, and role-based programs for global business
  • Serve as a visible internal champion for security culture, engaging business unit leaders and the Board in a manner that builds security as a business enabler
  • Provide security-focused oversight and governance for critical IT infrastructure, encompassing on-premises, cloud, and network environments.
  • Partner with the VP, Infrastructure and Technology Services to set the strategic direction and ensure secure architecture design and enhancement for networks and systems.
  • Oversee the execution of endpoint, network, and cloud security initiatives.

What We Are Looking For
  • 15+ years of progressive information security experience, with a minimum of 5 years in a senior leadership role (CISO, Deputy CISO, or VP-level) at a company of comparable complexity
  • Demonstrated experience operating in or supporting a publicly reporting company, including direct engagement with SEC disclosure obligations, SOX ITGC programs, and external audit processes
  • Deep expertise across most of the core security domains: security operations and incident response, security engineering, GRC, IAM, vulnerability management, and data protection
  • Experience presenting to and advising Boards of Directors, Audit Committees, and C-suite executives on cybersecurity risk
  • Experience in incident response and crisis management, including proven track record of managing material security incidents requiring executive decision-making under pressure and coordination of external legal counsel and forensics
  • Experience operating in complex, multi-geography environments with IT and supply chain technology footprints
  • Proven success leading security programs in lean, accountable operating environments, delivering enterprise-grade outcomes through a combination of focused internal team, managed service partnerships, automation, and disciplined prioritization.
  • Proven ability to articulate complex security topics to both technical and non-technical stakeholders.
  • Bachelor's degree in Computer Science, Information Security, or related field; advanced degree preferred
  • Industry certifications: CISSP
  • Familiarity with emerging AI security frameworks (NIST AI RMF, ISO 42001)

Preferred
  • Industry certifications: CISM, CRISC, CGEIT, or equivalent
  • Experience with distribution, logistics, or supply chain verticals
  • Familiarity with OT/ICS security in warehouse or manufacturing environments (IEC 62443, NIST SP 800-82)
  • Prior experience as a named CISO or as subject matter expert in SEC comment letter responses
  • Experience managing cybersecurity through M&A transactions, including due diligence, integration, and post-close remediation

Other Knowledge, Skills, Abilities, and Other Characteristics (KSAOs)
  • Extensive knowledge of legal issues related to organization liability and cybersecurity insurance trends
  • Experience in establishing cybersecurity and risk metrics for reporting
  • Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders
  • Demonstrated management skills regarding budget development and administration, policy development and implementation, personnel administration, and staff training and development
  • Demonstrated ability to work with diverse people, as well as effective oral and written communication skills

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee, but provides the primary duties and responsibilities of the role. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

What we offer:

The base salary may vary based on experience, role tenure, performance, industry, and location. Eligibility for the annual performance incentive may apply. Jazwares is a multi-state employer, so the salary range may not apply to other states.

Our benefits package includes basic medical insurance that is 100% company-paid for employees and their children, employee basic life and AD&D insurance, a 401(K) retirement program with Jazwares matching up to 4% of pretax or post-tax deferrals, short and long-term disability, and tuition reimbursement.

Our work environment provides a flexible work schedule: Monday through Thursday on-site, with optional WFH on Fridays, up to 20 workdays fully remote each year, and time off for vacation and sick leave. Through Jazwares Cares, you will have the opportunity to volunteer for up to 16 hours a year on community service projects.
