Chief Information Security Officer

About The Position

Requirements

• Bachelor's or Master's degree in Information Security, Computer Science, or related field.
• Professional security management certification, such as a CISSP, CISM, or similar.
• 15+ years of experience in a combination of risk management, information security, and IT jobs, with at least 10 years in a senior leadership role.
• Experience with NIST (800-171) and ISO (27001) frameworks
• Experience with CMMC (Cybersecurity Maturity Model Certification) for USGOV
• Deep understanding of the evolving cybersecurity threats facing the semiconductor industry and experience in crafting strategies to mitigate these risks.
• Knowledge of relevant legal and regulatory requirements, including export controls
• Experience with contract and vendor negotiations and management including managed services.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff, Wolfspeed’s vendors and suppliers.
• Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the IT workforce.

Responsibilities

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program at a global scale – to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization, including secrets, patents, and proprietary designs
• Lead the enterprise's information security organization, including hiring, training, and mentoring a team of security professionals.
• Identify, evaluate, and report on information security risks timely, and in a manner that meets Executive Management and the Board’s expectations, meets the compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
• Design and implement protective measures for securing proprietary designs, patents, and other sensitive corporate information, considering the unique risks present in the semiconductor industry, given innovation and IP contributes materially to our company’s competitive advantage.
• Work directly with the business units to facilitate risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Ensure cybersecurity policies are in alignment with Enterprise business policies, IT policies and the global Enterprise Risk Management framework for Wolfspeed.
• Develop and manage information security budgets and adopt cost-effective expense strategies and practices – to reduce and mitigate identified risks.
• Establish and oversee the implementation of a cybersecurity incident management program that includes incident detection, response, mitigation, and recovery processes.
• Effectively align cybersecurity practices with overall crisis management and incident response strategies, test plans and tabletop exercises – to ensure business continuity for Wolfspeed in the event of a worst-case disaster scenario, whether or not triggered by a security incident.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture against external threats.
• Conduct regular security audits, risk assessments, support annual financial and IT audit objectives, and ensure compliance with industry standards and regulatory requirements specific to the semiconductor industry.
• Champion cybersecurity awareness and training programs globally, across all levels of the organization.