VP, Cybersecurity & Information Risk

Jazwares Careers

Plantation, Florida(remote)

JOB DETAILS
SKILLS
Administrative Policies, Alliance/Partner Management, Alliance/Partner Marketing, Applications Security, Artificial Intelligence (AI), Artificial Intelligence (AI) Programming Languages, Auditing, Authentication, Automation, Best Practices, Budget Management, Business Continuity Planning (BCP), Campaigns, Capital Budgeting, Cloud Computing, Communication Skills, Communications Security (COMSEC), Computer Science, Computer Security, Contract Management, Crisis Management, Cross-Functional, Delivery Management, Disaster Recovery, Due Diligence, Embedded Systems, Emerging Technology, Enterprise Application Integration (EAI), Enterprise Protection, Establish Priorities, External Audit, Facebook, Financial Audit, Forensic Science, Geography, ISO (International Organization for Standardization), IT Governance, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, International Electro-Technical Commission (IEC), International Sales, Internet Security, Law Enforcement, Leadership, Legal, Liability Insurance, LinkedIn, Logistics, Machine Tool, Maintain Compliance, Manufacturing, Materials Management, Mergers and Acquisitions, Network Administration/Management, Network Programming, Network Security, Network Systems, Operational Strategy, Penetration Testing, Phishing, Policy Implementation, Presentation/Verbal Skills, Privacy Regulations, Process Improvement, Project/Program Coordination, Project/Program Management, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Sarbanes-Oxley Act (SOX), Securities and Exchange Commission (SEC), Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Security Policy, Service Delivery, Service Level Agreement (SLA), Software Patches, Software as a Service (SaaS), Staff Training, Strategic Planning, Supply Chain, System Architecture, Test Program, Third-Party Logistics (3PL), Time Management, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), Warehousing, Writing Skills
LOCATION
Plantation, Florida
POSTED
19 days ago

As the Vice President of Cybersecurity & Information Risk (CISO), you will report directly to the EVP of Global IT with a dotted line to the Audit Committee. In this executive role, you are responsible for establishing and executing the enterprise information security strategy, protecting critical global infrastructure, and ensuring full compliance as a wholly-owned subsidiary of a public reporting entity. You will hold primary accountability for meeting SEC cybersecurity disclosure rules, SOX ITGC requirements, and global data privacy regulations. Additionally, you will lead the security governance of enterprise AI adoption—a rapidly evolving domain with material implications for data protection, regulatory compliance, and operational risk.

What You Will Do

  • Develop and maintain the enterprise information security strategy and roadmap, aligned to the NIST Cybersecurity Framework (CSF 2.0), CIS (And other industry relevant frameworks like ISO 27001, etc) and the company’s risk appetite as defined by the Board. Continuously evaluate and update the strategy to address emerging threats and technologies. 

  • Chair the Information Security Steering Committee, convening business unit leaders, Legal, Internal Audit, and Finance to govern cross-functional security decisions

  • Conduct Risk assessment and maintain the enterprise security risk register; present risk posture and material risks to the Audit Committee and Risk Committee on a quarterly basis

  • Establish and enforce the Information Security Policy framework, including acceptable use, data classification, third-party risk, and incident response policies

  • Develop and manage an incident response plan, tabletops to swiftly and effectively respond to and recover from security incidents, minimizing the impact on the organization. 

  • Establish disaster recovery and business continuity plans to ensure the availability and integrity of critical systems and data. 

  • Own the cybersecurity budget, including capital planning, managed services contracts, and tooling rationalization

  • Establish and own the enterprise AI security and acceptable use framework, covering employee GenAI tools, embedded AI in SaaS, and any custom AI/ML deployments

  • Oversee the 24/7 Security Operations Center (SOC), including hybrid internal/managed service delivery model, SIEM, EDR, and threat intelligence platforms

  • Own and exercise the Incident Response Plan; serve as executive decision-maker for material security incidents, including coordination of external forensics, legal counsel, law enforcement, and public disclosure

  • Lead tabletop exercises and red team/purple team programs; ensure findings drive measurable improvements to detection and response capability

  • Manage cyber threat intelligence program, ensuring actionable intelligence informs both operational response and strategic risk discussions

  • Own the enterprise GRC program, including risk assessments, control mapping, exception management, and audit liaison

  • Lead the annual SOX ITGC program in coordination with Internal Audit, ensuring timely completion, appropriate evidence, and effective remediation of control deficiencies

  • Maintain and mature the Third-Party Risk Management (TPRM) program, covering vendors, 3PLs, carriers, and technology providers across the global supply chain

  • Manage internal compliance activities such as Phishing Campaigns, Security Awareness Program (including AI-specific user education) and  User Access reviews

  • Set strategic direction for the IAM program, including Zero Trust architecture, privileged access management (PAM), identity governance, and multi-factor authentication across enterprise and OT/warehouse environments

  • Ensure access controls meet SOX segregation of duties requirements across ERP, WMS, and financial systems

  • Oversee identity programs for complex workforce segments including warehouse floor workers, mobile/remote employees, and third-party logistics partners

  • Own the enterprise vulnerability management program, including CVE tracking, risk-based patching SLAs, and penetration testing program

  • Maintain a dotted-line relationship with the SVP of Enterprise Applications, Data & Digital to embed security into the software development lifecycle (SDLC), CI/CD pipelines, and vendor application deployments

  • Oversee application security reviews for material system changes, M&A integrations, and new technology deployments

  • Set strategic direction for the Network Security program, including Zero Trust architecture.

  • Oversee the design and enhancement of secure network infrastructure and systems (Security Architecture).

  • Manage communication security, covering internal and external information transfer and access from outside networks.

  • Oversee and manage the execution of endpoint, network, and cloud security.

  • Lead the security architecture review process for all major technology initiatives to ensure alignment with the enterprise security strategy and regulatory requirements.

  • Rationalize the security tooling and technology stack for cost efficiency and maximum control effectiveness.

  • Establish and maintain engineering standards and best practices for security controls across all environments.

  • Manage and Oversee the implementation and integration of security tools and platforms (SIEM, EDR, Threat Intelligence, IAM, GRC, etc) to optimize Security Operations Center (SOC) efficiency and automated incident response capabilities and other security capabilities.

  • Own the data protection strategy including encryption standards, data loss prevention (DLP), and data classification framework

  • Serve as executive sponsor for data privacy compliance (GDPR, CCPA/CPRA), working closely with Legal and the Privacy Officer where applicable

  • Manage data breach response procedures including regulatory notification timelines and internal escalation protocols

  • Design and oversee the enterprise security awareness and training program, including phishing simulations, mandatory annual training, and role-based programs for global business

  • Serve as a visible internal champion for security culture, engaging business unit leaders and the Board in a manner that builds security as a business enabler

  • Provide security-focused oversight and governance for critical IT infrastructure, encompassing on-premises, cloud, and network environments.

  • Partner with the VP, Infrastructure and Technology Services to set the strategic direction and ensure secure architecture design and enhancement for networks and systems.

  • Establish and maintain engineering standards and best practices for security controls across all environments.

  • Oversee the execution of endpoint, network, and cloud security initiatives.

What We are Looking For

  • 15+ years of progressive information security experience, with a minimum of 5 years in a senior leadership role (CISO, Deputy CISO, or VP-level) at a company of comparable complexity

  • Demonstrated experience operating in or supporting a publicly reporting company, including direct engagement with SEC disclosure obligations, SOX ITGC programs, and external audit processes

  • Deep expertise across most of the core security domains: security operations and incident response, security engineering, GRC, IAM, vulnerability management, and data protection

  • Experience presenting to and advising Boards of Directors, Audit Committees, and C-suite executives on cybersecurity risk

  • Experience in incident response and crisis management, including proven track record of managing material security incidents requiring executive decision-making under pressure and coordination of external legal counsel and forensics

  • Experience operating in complex, multi-geography environments with IT and supply chain technology footprints

  • Proven success leading security programs in lean, accountable operating environments, delivering enterprise-grade outcomes through a combination of focused internal team, managed service partnerships, automation, and disciplined prioritization.

  • Proven ability to articulate complex security topics to both technical and non-technical stakeholders. 

  • Bachelor’s degree in Computer Science, Information Security, or related field; advanced degree preferred

  • Industry certifications: CISSP

  • Familiarity with emerging AI security frameworks (NIST AI RMF, ISO 42001)

Preferred

  • Industry certifications: CISM, CRISC, CGEIT, or equivalent

  • Experience with distribution, logistics, or supply chain verticals

  • Familiarity with OT/ICS security in warehouse or manufacturing environments (IEC 62443, NIST SP 800-82)

  • Prior experience as a named CISO or as subject matter expert in SEC comment letter responses

  • Experience managing cybersecurity through M&A transactions, including due diligence, integration, and post-close remediation

Other Knowledge, Skills, Abilities, and Other Characteristics (KSAO's) 

  • Extensive knowledge of legal issues related to organization liability and cybersecurity insurance trends 

  • Experience in establishing cybersecurity and risk metrics for reporting 

  • Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders 

  • Demonstrated management skills regarding budget development and administration, policy development and implementation, personnel administration, and staff training and development 

  • Demonstrated ability to work with diverse people, as well as effective oral and written communication skills 

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee, but provide the primary duties and responsibilities of the role. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

What we offer:

The base salary may vary based on experience, role tenure, performance, industry, and location. Eligibility for the annual performance incentive may apply. Jazwares is a multi-state employer, so the salary range may not apply to other states.

Our benefits package includes basic medical insurance that is 100% company-paid for employees and their children, employee basic life and AD&D insurance, a 401(K) retirement program with Jazwares matching up to 4% of pretax or post-tax deferrals, short and long-term disability, and tuition reimbursement. 

Our work environment provides a flexible work schedule that includes a Monday through Thursday on-site, with an optional WFH on Fridays, up to 20 workdays fully remote each year, and Time Off for vacation and sick leave.  Through Jazwares Cares, you will have the opportunity to volunteer for up to 16 hours a year on community service projects. 

Reasonable Accommodations   

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. 

Working at Jazwares

At Jazwares, we believe an innovative idea can come from anywhere and anyone. Through our three pillars, we foster innovation and encourage creativity in every area of our business.

  • Passion: Our conviction and enthusiasm show in our products, relationships, and commitment to our community.
  • Collaboration: We share one vision worldwide, constantly striving to improve and innovate together.
  • Humility: We recognize the value in others and treat everyone with respect. Our strength lies in our people and talent.

Don't miss out on this extraordinary opportunity to be part of the fastest-growing toy company in the industry. Connect with us today, and let's shape the future of play together! 

JAZWARES is an equal opportunity employer and does not discriminate in employment on the basis of race, color, sex, religion, national or ethnic origin, citizenship status, ancestry, disability, age, military status, marital status, sexual orientation, or any other characteristic protected by law. Jazwares is committed to providing reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities.

Who We Are

Jazwares, a Berkshire Hathaway company, is a leading global toy manufacturer with a robust portfolio of owned and licensed brands. Founded in 1997, Jazwares celebrates imaginative play with a progressive focus on identifying new and relevant trends to transform into high-quality products for consumers of all ages. Jazwares engages consumers through innovative play experiences with popular brands such as Squishmallows, Pokémon, Hello Kitty, Star Wars, Disney, BumBumz, and Adopt Me. In addition to toys, offerings include virtual games, costumes, and pet products. Headquartered in Plantation, Florida, Jazwares has offices worldwide and sells its products in over 100 countries. For more information, visit www.jazwares.com and follow us on LinkedIn, X, Instagram, and Facebook.

Recruitment Safety 

Please be wary of unsolicited communications from individuals or websites you are not familiar with, or any communications requesting sensitive personal data or information. All official Jazwares employment information will come from our company email ending in @jazwares.com. Jazwares will never request any monetary payments at any point during its hiring process. If you have any questions about any unsolicited communications, you can reach out to jazlegal@jazwares.com. We look forward to you experiencing a safe and enjoyable application process at Jazwares! 

 

About the Company

J

Jazwares Careers