Chief Information Security Officer

Job Description

About Us

Founded in 1872, Kimberly-Clark (NYSE: KMB) is a global Fortune 200 consumer packaged goods (CPG) company with 45,000 employees and annual revenues of $20 billion. Kimberly-Clark (K-C) and its trusted brands are an indispensable part of life for over a billion people in more than 175 countries. Fueled by ingenuity, creativity, and an understanding of people’s most essential needs, we create products that help individuals experience more of what’s important to them.

Our portfolio of iconic brands, including Huggies, Kleenex, Scott, Kotex, Cottonelle, Poise, Depend, Andrex, Pull-Ups, GoodNites, Plenitud, Viva, Softex, Sweety and WypAll, hold the No. 1 or No. 2 share position in 70 countries. Sustainability is at the center of our company and by 2030 we aspire to advance the well-being of one billion people through social programs and reduce our environmental footprint by half. We focus on the areas where we can make the biggest difference – climate, forests, water, and plastics.

After recently celebrating our 150-year anniversary, K-C is in the midst of an exciting transformation from a category-based business to a consumer-led growth platform. Leveraging our purpose-led, performance driven culture, the company continues to drive growth, fueled by category-defining innovation as we live out our purpose of Better Care for a Better World.

At K-C, treating individuals with respect is the way we do business and the way we lead our industry and our world. We’re building an organization that looks and thinks like our customers around the world and searching for talented people with different perspectives and varied backgrounds.

Here, you’ll be part of the best team committed to driving innovation, growth and impact. We’re always looking for new and better ways to perform – so here’s your open door of opportunity. It’s all here for you at Kimberly-Clark; you just need to log on! Led by Purpose. Driven by You.

Position Summary         

K-C is seeking an experienced and visionary cybersecurity leader to drive and oversee our comprehensive digital security strategy. In this role, the Chief Information Security Officer (CISO) will be responsible for leading the design, integration, implementation, and continuous testing of our cybersecurity initiatives, ensuring the safety and resilience of our digital infrastructure. They will collaborate with cross-functional teams to establish best practices, develop innovative security solutions, and maintain a proactive security posture across the organization.

The CISO is responsible for the creation, execution and maintenance of enterprise-wide information security policy, IT risk and compliance, data privacy and protection, and IT disaster recovery strategies. This leader also has responsibility for all K-C security including our manufacturing operations. Reporting to the Chief Digital and Technology Officer, the CISO works closely with K-C’s Cyber-Risk Steering Committee, IT leadership, Legal, and Enterprise Risk and Compliance teams.

K-C is digitally transforming its supply chain and commercial activities and the CISO plays a pivotal role in enabling digital security which is cloud and API ready.  The digital security strategy is an integral part of the business strategy.  The CISO will enable a “Zero-trust” security model and “Privacy by Design” as the company is digitally transforming and embarking on the journey of collection of first party consumer data and engagement.

The CISO will lead on-going enterprise-wide security monitoring, risk assessment and status reporting efforts, identify and secure funding/support for security initiatives, and will drive global security awareness and training programs. In addition, the CISO will review business system continuity and disaster recovery plans as well as information security audit and regulatory compliance. 

Role & Responsibilities          

This role requires a visionary yet grounded leader with strong skills in business management, detailed knowledge of information security technologies and experience leading an IT security organization to achieve security compliance (e.g., PCI, HIPAA and SOX) for diversified business segments. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.  This leader will have frequent interaction with the Board of Directors and other Corporate Officers of the company.

Specifically, the CISO will:

• Work proactively across functional and business leadership and serve as an expert advisor to senior management in the development, implementation and maintenance of enterprise-wide information security technology, compliance, and disaster recovery

• Ensure best practice control objectives for system integrity, availability, confidentiality, accountability and assurance within the context of the company's risk tolerance as set by senior management

• Draft and propose the enterprise-wide information security strategy and action plans based on risk assessment and gap analysis; and identify and propose key information security program priorities, initiatives, practices and tools

• Oversee execution of approved information security project plans and provide regular status reporting on progress of key programs on cyber, privacy and data protection

• Run and operate the IT security infrastructure

• Maintain a cyber scorecard for ongoing communication with the Chief Digital and Technology Officer, Board, and Risk committee

• Serve as chairperson of the organization's Cyber-risk Steering Committee. Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis, etc.) and provide recommendations regarding prioritization of system security infrastructure investments that mitigate risks, strengthen defenses and reduce vulnerabilities

• Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and continue to develop maturity of the security program

• Develop, publish, and maintain comprehensive information security standards, policies, procedures and guidelines

• Act as the primary corporate control point during follow-up on significant information security incidents, oversee development of response plans, and provide timely communication

• Collaborate within the Global IT teams to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required

• Monitor information security trends and evolving technologies, and keep senior management informed about related information security issues and implications

• Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the company on a timely basis. Build a proactive culture of learning from external incidents

• Provide guidance to business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with the corporate human resources and legal departments as appropriate

• Engage and direct outside consultants as appropriate on information security audits

• Establish risk-based IT Security, IT Compliance, Data Privacy and Protection, and IT Disaster Recovery approaches to protect consumer data and company operations while not unreasonably restricting the company’s ability to do business

• Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security and IT control standards and policies. This includes coordinating the use of external resources involved in the performance of security testing, i.e. penetration tests, vulnerability scans

• Develop emergency procedures for handling security breaches, manage internal communication regarding system updates and provide estimates of budgetary requirements for technical upgrades. Oversee incident response planning and investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary

 Professional Skills & Qualifications 

• 20+ years of information security experience including 7 years as an information security leader, ideally in the top enterprise role; and demonstrated experience leading the development and ongoing implementation of an enterprise-wide information security program

• Leadership experience developing global policies and strategies in collaboration with existing IT teams to protect the consumer, supply chain, employees, IT assets and intellectual property: experience with applicable regulatory and standards frameworks (e.g., SOX, GLBA, SSAE16, PCI, ISO2700x, NIST, etc.)

• Advanced understanding in several of the following areas: platform security, data security, network security, perimeter security, security assessment tools, security monitoring tools, managed security services, DLP and 3rd party risks

• Advanced understanding of security governance standards, business continuity planning, compliance, enterprise risk management, computer security incident response, and security compliance audits.

• Experience with disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning

• Expertise around Digital ID Management on authorization and authentication

• Knowledge of the regulatory environment around global data privacy regulations, safe harbor laws and associated enforcements as well as the technical, data and policy actions to be taken

• Fortune 500 consumer goods manufacturing and/or retail company experience desired

• Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) desired

• Accomplished change management leader, able to operate effectively across business and functional boundaries, communicate, and prioritize in a highly matrixed, dynamic global work environment

• Articulate, consensus building, and persuasive thought leader with a demonstrated ability to serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills

• Ability to translate and relate information security contribution to business outcomes for use by IT Services and senior leadership

• Demonstrated program management, organization and facilitation skills

• Excellent communication, presentation and change management skills with prior experience in effectively communicating to the Board of Directors and Corporate Officers of the company

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity

• BA, BS or Master’s degree in a Computer Science or Information systems related discipline; a Master’s in Business Administration a plus

Leadership Characteristics:

• Strategic thinking: able to set direction aligned to the Company’s strategy, applying external and global perspective to meet local and global needs

• People Motivator: gains people commitment to achieve business objectives through clear communication of the company’s vision and flexing leadership styles to inspire high performance teams

• People Centric Team Builder: promotes employee and customer centricity and ensures focus on assuring cyber security, privacy, high availability, risk mitigation to consumers, customers and employees.  Builds and leads a team enabling high performance

• Results Driven: sets aggressive goals and is accountable for continuously driving improved performance, leading change and ensuring high standards

Location                                                                                                                                                                                                                   

The Chief Information Security Officer will be based in Chicago, IL; Dallas, TX or Roswell, GA.

 Kimberly-Clark Ways of Working

• Focus on Consumers. We keep the needs of customers and consumers at the center of our work. Building strong customer relationships and delivering consumer-centric solutions. Seeing ahead to future possibilities and translating them into breakthrough strategies that delight our consumers.

• Play to Win. We aim high, measure our results, and live our values because winning with integrity matters. Setting aggressive goals and consistently achieving results, even under tough circumstances. Pushing past status quo to create new and better ways to solve problems and win.

• Move Fast. We turn decisions into action, remove barriers and seek progress over perfection. Stepping up to champion ideas, address difficult issues and say what needs to be said. Tackling challenges with a sense of urgency, seizing new opportunities, and scaling winning solutions.

• Grow our People. We champion inclusion and encourage our people to ideate, innovate and contribute to their growth. Encouraging diverse perspectives, experiences and backgrounds that enable our winning culture. Placing a high priority on developing self and others to meet career goals and the organization’s goals.

For Kimberly-Clark to grow and prosper, we must be an inclusive organization that applies the diverse experiences and passions of its team members to brands that make life better for people all around the world.  We actively seek to build a workforce that reflects the experiences of our consumers.  When you bring your original thinking to Kimberly-Clark, you fuel the continued success of our enterprise. We are a committed equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity, age, pregnancy, genetic information, citizenship status, or any other characteristic protected by law.

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.

Employment is subject to verification of pre-screening tests, which may include drug screening, background check, and DMV check.

Veterans and members of the Reserve and Guard are highly encouraged to apply.

Kimberly-Clark will support in-country relocation for the chosen candidate. The benefits provided will be per the terms of Kimberly-Clark’s applicable mobility policies. The benefits/policy provided will decided in Kimberly-Clark’s sole discretion.

#LI-Hybrid 

Salary Range: 309,820 – 400,460 USD

At Kimberly-Clark, pay is just one aspect of our total rewards package, which also includes a variety of benefits and opportunities to achieve, thrive and grow. Along with base pay, this position offers eligibility for a target bonus and a comprehensive benefits suite, including our 401(k) and Profit Sharing plan. The anticipated base pay range for this role is provided above for a fully qualified hire. Actual pay will depend on several factors, such as location, role, skills, performance, and experience. Please note that the stated pay range applies to US locations only.

Primary Location

USA-TX-Dallas

Additional Locations

Worker Type

Employee

Worker Sub-Type

Regular

Time Type

Full time