Director, Information Security

Date: Jul 1, 2019

Location: Columbia, MD, US, 21044

Company: W. R. Grace & Co.

Requisition ID: 3218 

Built on talent, technology, and trust, Grace is a leading global supplier of catalysts and engineered materials. The company’s two industry-leading business segments—Catalysts Technologies and Materials Technologies—provide innovative products, technologies, and services that enhance the products and processes of our customers around the world. Grace employs approximately 3,900 people in over 30 countries.

Job Description

Provide vision and leadership to develop and execute on an enterprise information security strategy and roadmap.  Align with enterprise business strategy, gain executive approval and support, and oversee successful execution.

Develop and maintain practical and actionable information security policy and standards that reflect the needs of the business while keeping pace with changes in the business environment, technology and threats in order to effectively mitigate and manage risk to the business.

Develop and maintain a highly qualified staff of information security professionals across the enterprise.  Build and maintain executive relationships necessary for the successful execution of the information security program.

Maintain accountability for responsible information security program governance.

Develop and implement an information security risk profile that prioritizes risk and the investment and financial strategy required to mitigate those risks.

Create and maintain security architecture for the enterprise and participate in the solution selection and process development.

Develop security requirements for information technology infrastructure initiatives, selected enterprise applications and, as appropriate, review and approve security design of initiatives.

Measure compliance with policy as part of assessing the overall security risk posture of the enterprise, and initiate programs to achieve and maintain an adequate security posture.

Develop and maintain external and internal relationships to influence security policy, standards and programs and enhance secure interoperability with extended entities.

Leverage information security investments to enhance business, administration and compliance processes.

Develop and employ an ongoing information security communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups.

Develop and make available a catalog of security services to support company and business unit security needs.

Develop and maintain a responsive and effective information security incident response and management capability that will identify, contain and resolve information security incidents, meet compliance and reporting obligations, and uphold chain of custody and rules of civil procedure requirements.

Provide an annual report to executive leadership on the information security risk posture of the enterprise.

Required Skills

Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required.

Must have at least one of the following active certifications: CISA, CISM, CISSP or CFE.

Minimum of 10 years executive leadership in information security policy, standards, architecture, technology and programs.

Strong understanding of information security and the relationship between threat, vulnerability and information value in the context of risk management. 

Must have a track record of developing and implementing a comprehensive strategy and plan for managing information security.

Ability to gather, analyze and interpret business drivers and develop practical security solutions that provide adequate security to support the business.

Possess a good understanding of appropriate leading-edge technologies.

Known to relevant technology companies as a thought leader around security, privacy and supporting technologies.

Demonstrated ability to build an effective, cohesive and collaborative management team.

Extensive experience building and managing a diverse and inclusive team environment with strong commitment to respect, equality and teaming.

Strong demonstrated ability to skillfully hire, develop, lead, motivate, performance manage, and coach a cross-section of security and technology professionals and managers.


Required Experience

Leadership skills:  Must have the proven ability to lead the development, planning, coordination, and monitoring of all security and information security risk management-related process, technology and operations, and be a key part of the overall leadership for all aspects of information security.  This leader will be known as a collaborative and influential executive who can serve as an effective member of the executive management team at W.R. Grace.  Must be able to communicate effectively regarding security, privacy, risk, compliance, strategy and the required investments to senior business leaders.

Security knowledge:  Able to draw upon proven experience to recommend and gain buy-in to numerous information security policies and solutions.  He/she will be able to lead a team by demonstrating subject matter expertise.  This individual is able to represent the interests of the organization and gain support from stakeholders.

Ability to deliver:  This individual will have the proven ability to lead large, complex projects across various business and functional departments as they pertain to risk and security matters.  He/she can create a project management mindset with clear objectives, goals and process.

Project, Program and Portfolio Management: This individual must have a solid foundation of program and project management in past initiatives.  The individual must have experience in managing and directing a portfolio of projects and initiatives in both a project and a sustained operational capacity.

Preferred Qualifications

Master's degree in computer science, information systems, engineering, business administration or a related field is preferred, but not required.

Minimum of 5 years of experience in manufacturing industry is preferred.

Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CRISC, CGEIT are preferred, but not required.


Grace is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Grace via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Grace. No fee will be paid in the event the candidate is hired by Grace as a result of the referral or through other means.

Nearest Major Market: Baltimore