Chief Information Security Officer

Job Description

Company Overview:

Party City Holdco Inc. (PCHI) is a global leader in the celebrations industry, with its offerings spanning more than 70 countries around the world. PCHI is also the largest vertically integrated designer, manufacturer, distributor, and retailer of party goods in North America.

PCHI operates across multiple businesses within its Retail Division and Consumer Products Division. On the retail side, Party City () is the leading omnichannel retailer in the celebrations category, operating more than 750+ company-owned and franchise stores. The Consumer Products Division includes design and manufacturing entity Amscan, an industry leader in celebration décor, tableware, costumes, and accessories.

PCHI is headquartered in Woodcliff Lake, . with additional locations throughout the Americas and Asia.

Job Overview :

The CISO will have responsibility for all PCHI data/information security policies, standards, evaluations, and determining, implementing, and supporting cyber security standards for the global enterprise. The candidate must be creative and technologically bold as well as possess a mix of pragmatism, strong management, communications skills, and technical depth.

In this role, the CISO will be involved in all facets of information security and work across departments in a fast-paced environment, wearing multiple hats and managing large initiatives such as security audits. You must have a passion for implementing and supporting cyber security standards to keep our customers and our company's data safe. In addition, the role is responsible for IT Projects Governance framework, network security framework, information and cyber security policies, and best practices.

A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. Therefore, must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations.

Responsibilities and Duties:

• Leads a diverse technical organization in identifying, developing, implementing, and maintaining security processes, practices, and policies throughout the organization to reduce risks, respond to incidents, and limits exposure and liability in all areas of informational, financial, physical, personal, and reputational risk.
• Interfaces with the IT organization and senior management to establish strategies that have a direct impact on services for our internal users, customers, and partners.
• Matures Governance and compliance frameworks for IT projects and security
• Collaborates with IT peers on the Architecture Review Board, acting as the primary architect for the cybersecurity realm
• Presents to Audit Committee and works extensively with internal and external auditors
• Effectively manages a direct budget and making efficient staffing decisions
• Performs application risk analysis and threat modeling
• Keeps up to date on threat intelligence, including zero-day vulnerabilities and emerging threat vectors.
• Oversees of network security measures, including firewalls and IDS Protects Data and Encryption
• Reviews Identity & Access Management and Privileged User Access
• Collaborates with Information Technology leadership team to establish appropriate security standards and provide an effective governance structure to ensure compliance and accountability.
• Defines cyber security governance and control strategies for emerging technologies such as AI, cloud & containerization, block-chain, and robotic procession automation.
• Conducts risk analysis and engages cyber security, business management and other stakeholders for resolution.
• Performs application, vendor, and cloud security reviews and supporting system vulnerability assessments.

Skills Required:

• Strong leadership, strategic thinking, and large-scale planning abilities.
• Ability to lead and motivate the information security team to achieve priorities
• Excellent problems solving abilities and analytical skills; proven ability to effectively drive global teams to meet challenging deadlines solving complex problems
• Experience with contract reviews, vendor management and negotiations, including managed security services
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex cybersecurity topics for understanding and critical decision making by Executive Leadership Team.
• Strong understanding of PCI-DSS 4.0 and how to maintain compliance in a multi-channel organization
• A strong understanding of Cloud Security and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/detective Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation.
• Ability to understand not only emerging industry trends as far as cyber security is concerned and the landscape of emerging threats
• Strong focus and record of execution

Qualifications:

• Key Industry certifications in Information Security, such as CISSP, CISM and CISA.
• A Degree in Information Technology (Advanced Degree Preferred)
• 10+ years of experience in Information/Cybersecurity in a highly regulated industry such a, and/or Government within a large multi-national organization with a global scope with high influence requirements.
• 7+ years people management experience across a global organization, with hands-on experience building diverse teams while promoting an inclusive organization.
• A demonstrated knowledge of information security standards (., CIS, NIST, ISO-27001), rules and regulations related to information security and data confidentiality (., PCI, NIST, NSA) and other various security standards and policies.

Requirements

Skills Required:

• Strong leadership, strategic thinking, and large-scale planning abilities.
• Ability to lead and motivate the information security team to achieve priorities
• Excellent problems solving abilities and analytical skills; proven ability to effectively drive global teams to meet challenging deadlines solving complex problems
• Experience with contract reviews, vendor management and negotiations, including managed security services
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex cybersecurity topics for understanding and critical decision making by Executive Leadership Team.
• Strong understanding of PCI-DSS 4.0 and how to maintain compliance in a multi-channel organization
• A strong understanding of Cloud Security and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/detective Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation.
• Ability to understand not only emerging industry trends as far as cyber security is concerned and the landscape of emerging threats
• Strong focus and record of execution