The IT Security Manager is accountable for managing an IT security and risk program for all Stepan employees and sites. This role reports to the VP of IT and partners heavily with IT peers, Compliance, Legal, and HR. The IT Security Manager will collaborate with the VP of IT and the IT Governance Committee to create, mature, and refresh the global IT Security strategic roadmap, policies, and procedures. The role is hands-on. This role will be the face of IT Security for global employees. Employee outreach is a key responsibility to ensure Stepan employees are educated in security best practices and aware of Stepan IT Security policies and procedures (e.g., reporting security incidents).
IT Security Event Monitoring & Incident Response
- Works with key third-party security partners and Stepan IT employees to detect, analyze, and respond to IT security events and incidents.
- Leads triage, resolution, and communication activities during a Stepan IT security event or incident.
- Partners with internal business functions such as Legal, Compliance, and HR to triage and create action plans for IT security events and incidents.
- Monitors industry events, assesses Stepan's potential exposure, and leads efforts to eliminate risks. Examples include zero-day announcements, critical patches, and ransomware.
- Creates and maintains Incident Response Plans; leads table-top exercises to ensure response plans are effective.
- Owns relationship with MSSP, retained Red Team partner, and reports security progress to IT Governance Committee, Audit Committee, and Operating Committee where appropriate.
- Documents security events and incidents in the appropriate IT tool.
IT Security Architecture & Risk Management
- Creates and maintains a rolling three-year IT Security strategic roadmap. Owns execution of activities to mature IT Security capability (often partnering with other IT lanes).
- Ensures Stepan IT Security tooling and partners are appropriate and continue to mature/improve.
- Partners with other IT lane managers to ensure IT architecture is secure and current, and that appropriate IT security processes and policies exist, are communicated broadly, and are continually audited and improved.
- Partners with engineering (corporate and local) to ensure manufacturing networks and systems are physically separated and secure.
- Analyzes proposals for new IT solutions and new third-party connections, provides security requirements, and approves solutions based on those requirements.
- Creates and maintains the global IT risk register.
IT Security Employee Education, Performance Metrics, & Communications
- Leads global employee IT education program using industry best practice concepts and tooling.
- Prepares monthly and quarterly IT security metrics including data on training, communications, events, vulnerabilities identified, and security incidents.
- Writes and publishes frequent IT security articles and employee advice columns in partnership with Stepan communications department.
- Frequently holds employee education outreach events (lunch and learns, speaking at business function meetings, town halls, etc.).
- Experience managing IT security third parties (e.g., MSSPs).
- Experience with IT Security tooling including SIEM tools, KnowBe4, ServiceNow, etc.
- Time management.
- Ability to manage several projects simultaneously from design to implementation.
- Ability to communicate technical information to other technical team members but also to coworkers and leaders in other departments who may not have knowledge of networking technical terminology.
- Ability to create coherent, clean documentation and presentations for complex environments/technical concepts using MS Visio, PowerPoint, etc.
- Chemicals, pharmaceutical, or manufacturing experience strongly preferred, including experience with Business and Process Control Networks (and security best practices required to protect and physically separate both).
- Effective English communication skills, including oral and written. Spanish and/or Portuguese speaking is a plus.
- Proven IT Security triaging and problem-solving skills.
- Excellent time management.
- Vendor certifications (e.g., CISA, CISM, CISSP) preferred but not required.
- Strong understanding of industry best practices based on NIST required.
- Ability to travel up to 15%.
Education
- Bachelor's degree in Computer Science, IT Security, similar technical degree, and/or equivalent experience
- 5-8 years of experience working in IT Security
Established in 1932, Stepan Company is a major manufacturer of basic and intermediate chemicals including surfactants, polymers, as well as specialty ingredients that go into consumer, household, and institutional products such as laundry detergents, shampoos, and surface cleaners. Stepan Company currently has 20 global manufacturing locations and over 2,000 employees. We have a strong record of growth. Our growth allows us to provide meaningful career opportunities and stability to our team members. We have big goals at Stepan and know every team member will be crucial to achieving our objectives. Regardless of function, we are looking for team members who bring with them a growth mindset, an entrepreneurial spirit, and the ability to thrive in an evolving environment.
We celebrate diversity at Stepan and are committed to creating a diverse, inclusive environment. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, age, veteran status, or any other status protected by applicable law.