Global Head of Cyber Strategy - London, United Kingdom - Diageo
Description
Job Description:
About us
Diageo is the world's leading premium drinks company with an outstanding collection of brands, such as Johnnie Walker, Smirnoff, Baileys, Captain Morgan, Tanqueray and Guinness.
With over 200 brands in 180 countries and a global network of entrepreneurial individuals, our teams blend a diverse range of experience, knowledge and skills.
We connect customers and consumers to our iconic products and create innovative experiences that bring people together to celebrate life.
About the function
Information Management & Security (IM&S) is committed to protecting Diageo brands, revenue, reputation, and employees through a global program including cyber security strategy and risk management.
The Global Head of Cyber Strategy will provide the leadership that aligns the business Must Do's with security goals, objectives, threats, risks, and mitigation plans.
Main responsibilities- Develop an annual plan for information security programs and prepare the project budgets for submission and approval by the Digital & Technology (D&T) Portfolio Board.- Validate that the strategic initiatives have been delivered as planned and have achieved the expected benefits in terms of new capabilities, risk reduction, and cost avoidance or reduction.- Develop a multi-year cyber strategy, goals, and plans and communicate it to D&T leadership.- Demonstrate how cyber security plans address both complex cyber threats and escalating pace of digital and information risk.- Align the security program across Enterprise Architecture and D&T Value Streams.- Provide line management of the cyber security risk management function (i.e., one direct report).- Develop and maintain the information security strategy which supports Diageo Must Do's and IM&S objectives across the Risk Management, Data Privacy, IT General Controls, Security Operations, and Records Management.- Manage the cyber security risk management function ensuring a proactive effective program operates to identify the mitigate strategic risks.- Align with Enterprise Architecture in the creation of strategic roadmaps that will drive a global investment program for IM&S.- Transform high level strategy into actionable annual portfolio plans that will address the threats and risks.- Act as the Business Partner leading the IM&S Value Stream and attend monthly Value Stream Board meetings to seek financial approval to initiate projects and review ongoing portfolio financial status.- Ensure the strategy function sustains the capabilities required to stay in the Top Quartile of CPG companies.- Align with the Security Enterprise Architect on the goals and objectives of the IM&S strategy so that the Architect can select the best solution to achieve each goal.- Ensure that strategic security plans map back to cyber security risks in the Risk Register.
Additional responsibilities- Build a multi-year investment program around the strategy and create the business cases to support the investments.- Drive the annual portfolio planning process which requires the creation of Project Briefs, entering the projects costs, dates, and required resources into Planview, working with the Portfolio Management Office to complete their requirements for portfolio submission.- As the Business Partner for the IM&S Value Stream, initiate projects approved by the Portfolio Board by ensuring a Security lead completes the Project Initiation Document (PID) and Financial Workbook for each project.- Seek D&T Finance approval in a Value Stream Board meeting to move each project from Ideation to Initiation status in Planview and request a Project Manager from the Project Management Office.- Develop Key Performance Indicators (KPIs) and thresholds against each of the IM&S initiatives.- Attend weekly IM&S PLT meetings to monitor the progress on each inflight project and intervene as needed to resolve project issues.- Manage the risk management function to ensure that cyber security risks are properly managed and adhere to the Global Risk Management Standard and the IM&S Risk Management Process.
Work Experience/Skills required- Minimum of 15 years of broad information security experience including responsibility for direct line management of a security team- Experience developing and implementing security strategy for a large global organization- Broad knowledge of IT security vendors and products and how they mitigate risk- Depth and breadth across all the core bodies of information security knowledge including threat, vulnerability, risk, and controls.
More jobs from Diageo
-
Global Brand Ambassador Don Papa
London, United Kingdom - 2 weeks ago
-
Quality Assurance Student Placement
Belfast, United Kingdom - 3 weeks ago
-
Market Category Manager, Manufacturing Services
Edinburgh, United Kingdom - 4 weeks ago
-
Site Management Co-ordinator-1
Port Ellen, United Kingdom - 2 days ago
-
Material Planning Team Leader
Leven, United Kingdom - 4 days ago
-
Fife - Spirit Operations Apprenticeship
Leven, United Kingdom - 3 weeks ago