Job Description
We are seeking a highly experienced and strategic Chief Information Security Officer to lead our cybersecurity program and safeguard Lumentum's digital assets. The ideal candidate will bring extensive hands-on experience in cybersecurity operations and be knowledgeable in U.S. SEC (Securities and Exchange Commission) regulations and other relevant compliance frameworks. This leadership role requires a proactive approach to cybersecurity risk management, continuous improvement in defense strategies, and the ability to align the security posture with the organization's business objectives.
Key Responsibilities:
- Strategic Leadership:
  - Lead the development and implementation of cybersecurity strategy in alignment with business goals and regulatory requirements.
  - Collaborate with executive leadership to ensure cybersecurity initiatives support the overall risk management strategy.
  - Ensure adherence to all cybersecurity policies, standards, and procedures while fostering a culture of security awareness.
- Operational Oversight:
  - Oversee day-to-day cybersecurity operations, including threat detection, vulnerability management, incident response, and security operations center (SOC) activities.
  - Direct the development and execution of technical security controls, including firewalls, encryption, and access control mechanisms.
  - Manage and optimize tools for monitoring, detection, and prevention of threats to ensure a resilient security infrastructure.
- Compliance & Regulatory Adherence:
  - Ensure compliance with U.S. SEC regulations related to cybersecurity disclosures, incident reporting, and governance practices.
  - Lead audits, assessments, and remediation efforts related to regulatory frameworks such as SOX, NIST, ISO 27001, GDPR, and CCPA.
  - Advise executive leadership on evolving SEC cybersecurity guidelines and their implications for corporate governance and financial reporting.
- Risk Management:
  - Conduct ongoing risk assessments, identify vulnerabilities, and lead efforts to mitigate risks that could impact the organization’s operations, reputation, and compliance.
  - Collaborate with the enterprise risk management team to prioritize cybersecurity risks in alignment with broader business risks.
  - Develop and oversee business continuity and disaster recovery plans with a focus on cyber resilience.
- Incident Response & Forensics:
  - Lead incident response strategy, ensuring swift and effective resolution of cyber threats and breaches.
  - Coordinate investigations, root cause analysis, and post-incident reviews to prevent future occurrences and strengthen defensive postures.
- Team Leadership & Development:
  - Build and manage a high-performing cybersecurity team, fostering a culture of continuous learning, innovation, and collaboration.
  - Provide mentorship, training, and career development opportunities to ensure the team stays at the forefront of cybersecurity trends and technologies.
  - Cultivate strong partnerships across IT, legal, compliance, and other business units to ensure an integrated security approach.
- Vendor & Third-Party Management:
  - Evaluate and manage relationships with cybersecurity vendors, service providers, and partners.
  - Ensure that third-party products and services meet the organization's security standards and integrate seamlessly into the existing security architecture.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, or related field; Master’s degree preferred.
- Minimum of 10 years of progressive experience in cybersecurity, with at least 5 years in a leadership or senior management role.
- Extensive hands-on experience with security technologies, including firewalls, IDS/IPS, encryption, SIEM, and endpoint protection.
- In-depth knowledge of U.S. SEC cybersecurity regulations and compliance requirements, including incident disclosure and risk governance.
- Experience with frameworks such as NIST, ISO 27001, and SOX, as well as familiarity with GDPR and CCPA.
- Proven track record of managing complex cybersecurity programs in large organizations or highly regulated industries.
- Strong understanding of current and emerging cybersecurity threats, vulnerabilities, and mitigation strategies.
- Exceptional leadership and team-building skills with the ability to lead cross-functional teams.
- Strong analytical and problem-solving abilities, with a focus on strategic and long-term planning.
- Relevant certifications such as CISSP, CISM, CISA, or equivalent.
Preferred Skills:
- Experience with cloud security (AWS, Azure, or GCP).
- Previous experience working with public companies or organizations in highly regulated industries.
- Familiarity with artificial intelligence (AI) and machine learning (ML) security applications.