VP, Security Transformation

Location US-IL-Northbrook
Job ID
2021-23175
# of Openings
1
Job Category
Information Technology

 

Tech.Software.IMS.Cyber – Code – Build It

At UL, we know why we come to work.

Thousands of us around the world wake up every day with a common purpose: to make the world a safer, more secure and sustainable place. Science is in our DNA; we are endlessly curious and passionate about seeking and speaking the truth. We take delight in knowing that our work makes a meaningful contribution to society, and we are proud that our culture is centered on integrity, collaboration, inclusion and excellence. UL stands at the forefront of technological advancement, and we are continually challenged to find new ways to foster innovation and positive change. Satisfying? Yes. Exciting? Absolutely!

What you’ll learn & achieve:

Maximizes UL’s enterprise value by executing on the Security Improvement Program to achieve program goals and providing feedback to the organization on how to continually improve our security practice.

  • Executive who ensures that the security improvement program adds value and gives it a competitive advantage. 
  • Work with other executives to decide on the priority of security needs and then utilize resources according to an organization's financial constraints and directives.
  • Responsible for managing the implementation of a large, complex and global program
  • Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
  • Assist with the identification of non-IT managed IT services in use ("citizen IT") and facilitate a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear.
  • Work effectively with business units to facilitate information security risk assessment and risk management processes and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
  • Manage program to budget, on schedule with agreed upon documented scope.
  • Identify areas for business and cost effectiveness and efficiency.   
  • Track program delivery to business value targets set in the project charter
  • Serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements
  • Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Manage the third-party providing monitoring of the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
  • Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
  • Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
  • Plans the overall program and provides roadmap and monitors the progress of scope, schedule and budget and validates against business strategy.  Recommends adjustments where needed and follows appropriate governance process. 
  • Identifies, intakes and manages risks, actions, issues and dependencies and takes corrective measures as needed
  • Ensure change management is planned and executed
  • Manages stakeholders’ communication
  • Performs other duties as directed.
  • Understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the role is working with executive management to determine acceptable levels of risk for the organization.
  • Interfaces with C-Suite Executives and Business Unit Leaders
  • Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
  • Manages resources assigned to the project from all areas of the organization
  • Manages the governance of suppliers/vendors related to the program
  • Interfaces with Finance and develops ROI, IRR and other financial measures
  • Engages and influences stakeholders to align processes and practices
  • Oversees the network of security directors, managers and staff
  • Two direct reports
  • Reports to Chief Transformation Officer

What makes you a great fit:

  • Bachelor’s degree required; Advanced degree preferred. Examples include:  MBA, MA in Project. Management, or master’s degree in Computer Science, Information Technology, or equivalent work experience.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework

What you’ll experience working at UL:

  • Mission: For UL, corporate and social responsibility isn’t new.  Making the world a safer, more secure and sustainable place has been our business model for the last 125 years and is deeply engrained in everything we do.
  • People: Ask any UL employee what they love most about working here, and you’ll almost always hear, “the people.” Going beyond what is possible is the standard at UL.  We’re able to deliver the best because we employ the best.
  • Interesting work: Every day is different for us here as we eagerly anticipate the next innovation that our customers’ create. We’re inspired to take on the challenge that will transform how people live, work and play. And as a global company, in many roles,  you will get international experience working with colleagues around the world.
  • Grow & achieve: We learn, work and grow together with targeted development, reward and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages, including a technical training track for applicable roles.
  • Total Rewards: All employees at UL are eligible for bonus compensation. UL offers a generous 401k matching structure of up to 5% of eligible pay. Additionally, we invest an additional 4% into your retirement saving fund after your first year of continuous employment. We provide Healthcare Reimbursement Accounts and Health Savings Accounts that UL contributes to twice per year! Depending on your role, you can work with your manager on flexible working arrangements. We also provide employees with paid time off including vacation, holiday, sick and volunteer time off.

Learn More:

Working at UL is an exciting journey that twists and turns daily. We thrive in the twists and revel in the turns. This is our every day. This is our normal.  

 

Curious? To learn more about us and the work we do, visit UL.com. 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply, or can't find a relevant opportunity?
Connect with us to keep informed about the latest UL career opportunities, tailored to your interests.

If you wish to request reasonable accommodation at any time, please email our Talent Acquisition team at Talent.Acquisition@ul.com.

UL is an Equal Opportunity Employer: Female/Minority/disability/Protected Veteran/Sexual Orientation/Gender Identity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. If you'd like more information about your EEO rights as an applicant under the law, please review the EEO is the Law and EEO is the Law Supplement.

Please review the following additional documents:

UL EEO Policy

Pay Transparency Statement

E-Verify Poster (English)

Right to Work Poster (English)