Chief Information Security Officer

We are seeking a Chief Information Security Officer (CISO) with a global vision to build and lead our cybersecurity and information assurance strategies. The CISO will play a pivotal, leadership role in driving innovative strategies for protecting our intellectual property, customer data, and digital assets from cyber threats. The CISO needs to build a strong "security-first" culture across the organization to ensure that security is at the centre of all products and services.

This position requires a strong understanding of the semiconductor industry, strategic capabilities that can align our cybersecurity strategy and practices with our business model, objectives, and the risk universe we operate within globally.

The role requires a blend of innovative thinking to lead our company staying ahead of the ever-evolving threat landscape, along with strategic planning, technical expertise, and leadership - to ensure our information security posture is robust and resilient against evolving cyber risks. The ideal candidate will have a proven track record in developing and implementing comprehensive security programs in High Tech or Semiconductor manufacturing environments.

Key Responsibilities:

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program at a global scale - to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization, including secrets, patents, and proprietary designs
• Lead the enterprise's information security organization, including hiring, training, and mentoring a team of security professionals.
• Identify, evaluate, and report on information security risks timely, and in a manner that meets Executive Management and the Board's expectations, meets the compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
• Design and implement protective measures for securing proprietary designs, patents, and other sensitive corporate information, considering the unique risks present in the semiconductor industry, given innovation and IP contributes materially to our company's competitive advantage.
• Work directly with the business units to facilitate risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Ensure cybersecurity policies are in alignment with Enterprise business policies, IT policies and the global Enterprise Risk Management framework for Wolfspeed.
• Develop and manage information security budgets and adopt cost-effective expense strategies and practices - to reduce and mitigate identified risks.
• Establish and oversee the implementation of a cybersecurity incident management program that includes incident detection, response, mitigation, and recovery processes.
• Effectively align cybersecurity practices with overall crisis management and incident response strategies, test plans and tabletop exercises - to ensure business continuity for Wolfspeed in the event of a worst-case disaster scenario, whether or not triggered by a security incident.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture against external threats.
• Conduct regular security audits, risk assessments, support annual financial and IT audit objectives, and ensure compliance with industry standards and regulatory requirements specific to the semiconductor industry.
• Champion cybersecurity awareness and training programs globally, across all levels of the organization.

Ideal Qualifications:

• Bachelor's or Master's degree in Information Security, Computer Science, or related field.
• Professional security management certification, such as a CISSP, CISM, or similar.
• 15+ years of experience in a combination of risk management, information security, and IT jobs, with at least 10 years in a senior leadership role.
• Experience with NIST (800-171) and ISO (27001) frameworks
• Experience with CMMC (Cybersecurity Maturity Model Certification) for USGOV
• Deep understanding of the evolving cybersecurity threats facing the semiconductor industry and experience in crafting strategies to mitigate these risks.
• Knowledge of relevant legal and regulatory requirements, including export controls
• Experience with contract and vendor negotiations and management including managed services.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff, Wolfspeed's vendors and suppliers.
• Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to the IT workforce.

This role may require additional duties and/or assignments as designated by management.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.