Information Security Transformation Lead - Fox Search Group Llc : Job Details

Information Security Transformation Lead

Fox Search Group Llc

Job Location : New York, NY, USA

Posted on : 2024-12-19T01:14:11Z

Job Description :
Information Security Transformation Lead
Location: Newark/NYC Metro
Department: Information Security

Job Overview: We are seeking a highly experienced and motivated Information Security Transformation Lead to drive IT Security and Compliance efforts for a major ERP Transformation initiative. This role will collaborate closely with the Program Team, selected vendors, IT teams, and business stakeholders throughout the discovery, detailed planning, and implementation phases of the program. The Information Security Transformation Lead will be responsible for defining IT Security and Compliance objectives for our client's future-state ERP solution and establishing the necessary work packages to support the transformation initiative.

Essential Duties & Responsibilities:
Evaluate and Document the Current Security Landscape:
  • Assess the security posture of existing regional ERP systems, focusing on access controls, IT general controls, data encryption, logging mechanisms, and compliance protocols.
  • Identify security gaps or inconsistencies within current multi-regional ERP setups and evaluate potential risks related to migrating to a centralized system.
Identify and Document the Future State Security Landscape:
  • Define compliance and regulatory requirements for the future ERP solution, ensuring adherence to global, regional, and industry-specific regulations (e.g., GDPR, CCPA, PCI, SOX).
  • Define the desired security posture of the future ERP system as it relates to identity management, access control, data security, regulatory compliance, network and infrastructure security, monitoring and logging, vulnerability management, and business continuity.
Develop a Security-Driven Change Management Strategy:
  • Promote a culture of security and compliance across all regions, ensuring that all teams recognize their role in protecting the ERP systems during and after migration.
  • Collaborate with key stakeholders to ensure they understand the critical importance of security and compliance throughout the transition, highlighting risks such as non-compliance and potential breaches.
Create a Detailed Security and Compliance Implementation Plan:
  • Define the necessary security protocols to support a phased rollout, focusing on secure data migration, controlled access, and testing security measures at each stage of the ERP transformation.
  • Plan for secure data migration, ensuring encryption both in transit and at rest, with robust mechanisms for data integrity, validation, auditing, and remediation.
  • Ensure seamless and secure integration of the new ERP solution with the company's key systems and applications (e.g., procurement, retail systems).
  • Ensure robust integration of the new ERP platform with existing security tools and platforms.
  • Work with project teams to ensure sufficient documentation is maintained/retained throughout the implementation for audit purposes.
Mitigate Security Risks and Ensure Compliance:
  • Identify potential security risks during the transition (e.g., data loss, insider threats, vulnerabilities during migration) and develop mitigation strategies such as enhanced monitoring, penetration testing, and vulnerability scanning.
  • Collaborate with the IT Risk and Compliance team to ensure the centralized ERP solution meets all regulatory requirements across regions, including data sovereignty, financial reporting, and auditability.
  • Schedule regular reviews to ensure compliance with security standards and regulations, both during rollout phases and post go-live.
Experience, Skills, and Knowledge:
Experience:
  • 8+ years of experience in information security with a focus on network and infrastructure security, cloud security, compliance, or enterprise systems.
  • Proven experience leading security efforts for large-scale IT implementations (e.g., ERP, Cloud Migrations, Digital Transformation, etc.).
  • Experience with ERP platforms, particularly SAP, is highly valuable.
  • A strong understanding of cloud environments (Azure and AWS) is essential.
  • Experience with SOC audits, security controls, data migration, and privacy regulations is highly beneficial.
  • A background in security transformation projects is a significant plus.
  • Experience in architectural roles is preferred.
Knowledge:
  • Proficient in Sarbanes-Oxley (SOX) compliance, with experience implementing and maintaining SOX controls, conducting audits, and ensuring documentation accuracy.
  • In-depth knowledge of security architecture, secure coding practices, and threat modeling.
  • Strong understanding of SOC audits and compliance frameworks.
  • CISSP, CISM, or equivalent certifications are considered a plus.
Skills:
  • Ability to lead cross-functional teams and work effectively with stakeholders at all levels.
  • Strong analytical and problem-solving skills, with the ability to think critically about security challenges in complex systems.
  • Excellent verbal and written communication skills, capable of articulating technical concepts to non-technical stakeholders.
  • Ability to thrive in a dynamic environment and adapt to changing priorities.
Software/Tool/Technology Proficiency:
  • Strong experience with GRC toolsets is preferred.
  • Proficiency with cloud environments, specifically Azure and AWS.
  • Familiarity with Linux and I-series environments is beneficial.
  • Hands-on experience with SOC audits and compliance frameworks is essential.