Vice President, Cybersecurity, CISO
Hanes Brands

Winston-Salem, North Carolina

This job has expired.


Overview

HanesBrands, Inc. is a global company with more than 59,000 associates in 33 countries, all working together to create the world's best apparel, including iconic brands such as Champion, Hanes, Bali, Bonds, and many more. We offer enormous opportunities for creative thinkers, for people with a passion for consumers, and for people who think like business owners. We're building a truly inclusive culture, where people of different backgrounds, races, cultures and experiences come together to make us stronger. We are a sustainable company committed to making a positive difference in our communities and around the world.

This job family acquires, designs, implements and operates the organization's information technology resources, including computer hardware, operating systems, communications, software applications, data processing and security. Activities include developing information technology strategies, policies and plans; managing the acquisition, implementation, maintenance and use of information technology resources; and training and supporting technology users.

Monitors networks for security events and alerts to potential/active threats, intrusions, and/or compromises. Understands the threat landscapes and tracks changes in this area. Supports the environment after an incident and ensures that the managed security service has thorough detection capabilities in place for emerging threats. Performs service requests from internal/external teams. Maintains an advanced understanding of cyber security threats, vulnerabilities, attacks, responsible groups, motivations and techniques. Continues to assess the evolving threats and new technologies, solutions, and services to stay ahead of them through research.

Responsibilities

The Chief Information Security Officer is responsible for establishing and maintaining a corporate-wide information and cyber security management program to ensure that information assets are adequately protected and that the company is well prepared to defend against, respond to and recover from cybersecurity threats and events. The position is responsible for translating complex business problems into effective information and network security controls. This position is responsible for identifying, evaluating and reporting on information and network security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The individual must take into account what the company needs to do to ensure sensitive data and information stays private; focus on the lifecycle of the data, ensuring it is always accurate (integrity); and work with colleagues across the IT function to ensure that the organization's hardware/software systems are reasonably secure, including attention to patch management, IT asset lifecycle management, and disaster recovery and business continuity needs.

  • Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization
  • Facilitates information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board
  • Provides strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Oversees the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
  • Engages with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management

Qualifications
  • Requires broad management and leadership knowledge to lead multiple job areas. Typically has mastery level knowledge and skills within a specific technical or professional discipline with broad understanding of other areas within the job function.
  • Bachelor's degree required, with an emphasis in IT or a related area.
  • 12 years of prior relevant professional experience.
  • Actively manages and monitors the cybersecurity resources that work with external security operations monitoring parties, threat hunters, dark web monitoring, etc.
  • Develops, implements, and maintains IT compliance controls; reviews existing IT compliance controls for regulatory updates and performs the necessary gap analysis.
  • Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment. Conducts risk assessments on business and operational processes. Designs audit/compliance programs to ensure ongoing evaluation and validation.
  • Provides guidance for legal and regulatory compliance efforts and support for all appropriate regulatory requirements, including the Payment Card Industry Data Security Standard (PCI DSS).
  • At least one of CISM, CRISC, and/or CISSP certification(s) required; Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CFE, CGEIT, CPA/CA are preferred, but not required.
  • Experience with common information security management frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), the International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the European Union Privacy Directive, the Payment Card Industry Data Security Standard (PCI DSS), and the U.S. Health Insurance Portability and Accountability Act (HIPAA).
  • Aligns closely with the legal department to ensure that data privacy elements are understood and protected through the security posture.
  • Develops cyber resiliency so the organization can rapidly recover from hacking, security incidents, or infringements.
  • Weighs business opportunities against security risks that can potentially compromise the organization's long-term financial rewards.

EOE/AA: Minorities/Females/Veterans/Disabled.

Only applicants requiring reasonable accommodation for any part of the application and hiring process should contact us directly:

Telephone: 877.999.5553

Email: HBI_TA@hanes.com

