Data First Jobs

Masis Staffing Solutions

Vulnerability Governance & Reporting Analyst

Full Time · In Office · New York, New York (USA)

Posted Jun 5, 2026

Position Summary:

  • The Senior Vice President of Technology is the senior-most technology and information security executive, accountable for the protection, resilience, and reliability of the organization's information assets, systems, and digital operations. Reporting directly to the Chief Operating Officer, this role unifies Information Technology, Cybersecurity, Infrastructure, Applications, ERP, Desktop Support, and the Web and Digital function under one role.
  • This position exercises the responsibilities, authority, and accountability of a security leader while also owning the enterprise Information Technology function. The role partners closely with Legal, Finance, Commercial, Quality, and Operations to deliver technology and security outcomes that enable business growth, protect regulated data, support audit readiness, and reduce enterprise risk in a manner aligned to the NIST Cybersecurity Framework (CSF) 2.0.

Key Responsibilities:

Strategy, Governance & Executive Leadership

  • Define and execute the enterprise technology and cybersecurity strategy, ensuring alignment with the company's business objectives, regulatory position, and long-term organizational vision.
  • Serve as the senior executive accountable for the confidentiality, integrity, and availability of the company's information assets, regulated data, and operating environments across on-premises, cloud, and digital channels.
  • Establish and operate a formal cybersecurity governance program aligned to the NIST Cybersecurity Framework (CSF) 2.0, including documented policies, standards, procedures, and measurable controls across the Govern, Identify, Protect, Detect, Respond, and Recover functions.
  • Own enterprise cyber risk management, including risk identification, risk acceptance, exception handling, executive reporting, and the maintenance of a current risk register reviewed with the Chief Operating Officer and executive leadership on a defined cadence.
  • Serve as a trusted advisor to the Chief Operating Officer and executive leadership on technology, digital transformation, cyber risk, and regulatory exposure.

Information Security & Risk Management

  • Lead the development, approval, communication, and enforcement of all information security and acceptable use policies, ensuring policies are reviewed at least annually and remain consistent with legal, regulatory, and contractual obligations.
  • Establish and mature data classification, data handling, and data loss prevention programs, ensuring regulated and sensitive data is identified, labeled, protected, and retained in accordance with policy.
  • Direct the identity and access management program, including privileged access management, just-in-time administrative access, least-privilege enforcement, multi-factor authentication, and a repeatable access review and recertification cadence across on-premises and cloud environments.
  • Oversee vulnerability management, penetration testing, configuration auditing, and remediation tracking for AWS, Microsoft 365, internal networks, endpoints, and externally exposed assets, ensuring findings are prioritized by risk and closed within defined service-level expectations.
  • Establish a third-party and supply chain cyber risk program, including security review of new vendors, contractual security requirements, periodic re-assessment of critical suppliers, and remediation of identified third-party risks.

Incident Response, Resilience & Recovery

  • Own incident response readiness, including the incident response plan, executive escalation paths, law enforcement and regulatory notification contacts, third-party retainers, tabletop exercises, and post-incident lessons learned.
  • Serve as the senior technical incident commander during cybersecurity events, partnering with legal counsel to preserve attorney-client privilege and coordinate communications.
  • Ensure Disaster Recovery and Business Continuity plans are documented, current, exercised at a defined frequency, and capable of meeting business-approved recovery time and recovery point objectives.
  • Bring the web, digital, and e-commerce environment under formal information security governance, including asset inventory, secure software development lifecycle (SDLC) requirements, code review, vulnerability management, and pre-release security checkpoints.

Information Technology Operations & Delivery

  • Provide executive leadership across the full Information Technology function, including the Vice President of Information Technology and the leaders of Infrastructure, Applications, ERP, Desktop Support, and Web/Digital.
  • Manage the Web team and related security, including management of the Creative & UX/UI Manager, Developers, and Engineers.
  • Oversee enterprise infrastructure operations, including network, server, cloud (AWS, Microsoft 365), endpoint, telephony, and physical/logical access systems, ensuring services are reliable, scalable, monitored, and secure by design.
  • Lead application and ERP strategy, ensuring integrated, supportable, and secure application ecosystems aligned with evolving business processes, change management standards, and regulatory requirements.
  • Oversee the technology project and program portfolio, ensuring initiatives are delivered on time, within scope, and on budget, and that security and compliance requirements are designed in from the outset.
  • Evaluate emerging technologies, including artificial intelligence and automation, assess their security and business impact, and make executive recommendations on adoption, restriction, or controls.

Team & Business Management

  • Build, develop, and retain a high-performing technology and cybersecurity organization, establishing clear roles, career paths, performance expectations, and succession planning.
  • Mentor leaders and team, promote technical growth, monitor project execution, and ensure consistent, transparent communication with internal customers and business partners.
  • Define and operate a security awareness and training program for the workforce, including role-based training, phishing simulation, escalated consequences for repeat offenders, and measurable improvement targets.
  • Develop and manage consolidated technology and cybersecurity operating and capital budgets, balancing investment between run-the-business and transform-the-business priorities.
  • Partner with legal counsel, outside counsel, cyber insurance carriers, and external auditors on regulatory inquiries, contractual security obligations, breach notification analysis, and evidence preservation under attorney-client privilege.
  • Foster a culture of accountability, continuous improvement, responsible innovation, and disciplined documentation across the organization.

Qualifications & Core Competencies:

  • Demonstrated executive leadership and personnel management skills across both Information Technology and Cybersecurity functions.
  • Proven experience building and operating a cybersecurity program aligned to a recognized framework such as NIST CSF 2.0, NIST 800-53, ISO 27001, or equivalent.
  • Demonstrated experience leading enterprise risk management, security governance, policy development, incident response, and third-party risk management.
  • Experience managing and securing enterprise-wide systems, applications, networks, identity platforms, and cloud environments, including Microsoft 365 and AWS.
  • Experience overseeing infrastructure operations, including LAN/WAN, virtualization, backup and recovery, endpoint management, and core enterprise applications.
  • Working knowledge of regulatory and contractual obligations relevant to a manufacturer of products, including data privacy, records retention, and customer/partner security requirements.
  • Ability to develop, justify, and manage a consolidated technology and cybersecurity budget, including both operating and capital components.
  • Strong interpersonal, written, and oral communication skills, with proven ability to communicate technology and risk topics to executive, legal, and board-level audiences.
  • Ability to see the broader strategic picture and adjust plans to balance technical, operational, financial, legal, and reputational considerations.

Education & Experience:

  • Bachelor's degree required in computer science, cybersecurity, information systems, or a related technical field. Master's degree in information systems, cybersecurity, or an MBA is preferred.
  • Industry-recognized senior cybersecurity certifications such as CISSP, CISM, CCISO, or equivalent are strongly preferred.
  • Minimum of 15+ years of progressive technology and cybersecurity leadership experience, including senior-level management roles with combined accountability for IT and information security.
  • Demonstrated experience leading enterprise-scale technology environments, major system implementations, and the build-out or significant maturation of a cybersecurity program.
  • Proven success partnering with Legal, Compliance, Finance, and executive leadership on cyber risk, audit, and regulatory matters.
  • Regular attendance is required.
  • Travel between company facilities and to vendor, partner, regulator, or industry meetings as business needs require.
  • Perform other duties as may be required in meeting company objectives.
