VP, Cybersecurity & Information Risk

Reposted Yesterday
Be an Early Applicant
Plantation, FL, USA
In-Office
Expert/Leader
Kids + Family
The Role
Executive leader accountable for enterprise information security strategy, regulatory compliance (SEC disclosures, SOX ITGC, global privacy), and AI security governance. Oversees SOC, incident response, GRC, IAM, vulnerability management, third-party risk, security architecture, and security integration across cloud, on-premises, OT/warehouse, and supply chain environments. Chairs governance committees, reports to executive leadership and Audit Committee, and manages budget, tooling, and vendor relationships.
Summary Generated by Built In

As the Vice President of Cybersecurity & Information Risk (CISO), you will report directly to the EVP of Global IT with a dotted line to the Audit Committee. In this executive role, you are responsible for establishing and executing the enterprise information security strategy, protecting critical global infrastructure, and ensuring full compliance as a wholly-owned subsidiary of a public reporting entity. You will hold primary accountability for meeting SEC cybersecurity disclosure rules, SOX ITGC requirements, and global data privacy regulations. Additionally, you will lead the security governance of enterprise AI adoption—a rapidly evolving domain with material implications for data protection, regulatory compliance, and operational risk.

What You Will Do

  • Develop and maintain the enterprise information security strategy and roadmap, aligned to the NIST Cybersecurity Framework (CSF 2.0), CIS (And other industry relevant frameworks like ISO 27001, etc) and the company’s risk appetite as defined by the Board. Continuously evaluate and update the strategy to address emerging threats and technologies. 

  • Chair the Information Security Steering Committee, convening business unit leaders, Legal, Internal Audit, and Finance to govern cross-functional security decisions

  • Conduct Risk assessment and maintain the enterprise security risk register; present risk posture and material risks to the Audit Committee and Risk Committee on a quarterly basis

  • Establish and enforce the Information Security Policy framework, including acceptable use, data classification, third-party risk, and incident response policies

  • Develop and manage an incident response plan, tabletops to swiftly and effectively respond to and recover from security incidents, minimizing the impact on the organization. 

  • Establish disaster recovery and business continuity plans to ensure the availability and integrity of critical systems and data. 

  • Own the cybersecurity budget, including capital planning, managed services contracts, and tooling rationalization

  • Establish and own the enterprise AI security and acceptable use framework, covering employee GenAI tools, embedded AI in SaaS, and any custom AI/ML deployments

  • Oversee the 24/7 Security Operations Center (SOC), including hybrid internal/managed service delivery model, SIEM, EDR, and threat intelligence platforms

  • Own and exercise the Incident Response Plan; serve as executive decision-maker for material security incidents, including coordination of external forensics, legal counsel, law enforcement, and public disclosure

  • Lead tabletop exercises and red team/purple team programs; ensure findings drive measurable improvements to detection and response capability

  • Manage cyber threat intelligence program, ensuring actionable intelligence informs both operational response and strategic risk discussions

  • Own the enterprise GRC program, including risk assessments, control mapping, exception management, and audit liaison

  • Lead the annual SOX ITGC program in coordination with Internal Audit, ensuring timely completion, appropriate evidence, and effective remediation of control deficiencies

  • Maintain and mature the Third-Party Risk Management (TPRM) program, covering vendors, 3PLs, carriers, and technology providers across the global supply chain

  • Manage internal compliance activities such as Phishing Campaigns, Security Awareness Program (including AI-specific user education) and  User Access reviews

  • Set strategic direction for the IAM program, including Zero Trust architecture, privileged access management (PAM), identity governance, and multi-factor authentication across enterprise and OT/warehouse environments

  • Ensure access controls meet SOX segregation of duties requirements across ERP, WMS, and financial systems

  • Oversee identity programs for complex workforce segments including warehouse floor workers, mobile/remote employees, and third-party logistics partners

  • Own the enterprise vulnerability management program, including CVE tracking, risk-based patching SLAs, and penetration testing program

  • Maintain a dotted-line relationship with the SVP of Enterprise Applications, Data & Digital to embed security into the software development lifecycle (SDLC), CI/CD pipelines, and vendor application deployments

  • Oversee application security reviews for material system changes, M&A integrations, and new technology deployments

  • Set strategic direction for the Network Security program, including Zero Trust architecture.

  • Oversee the design and enhancement of secure network infrastructure and systems (Security Architecture).

  • Manage communication security, covering internal and external information transfer and access from outside networks.

  • Oversee and manage the execution of endpoint, network, and cloud security.

  • Lead the security architecture review process for all major technology initiatives to ensure alignment with the enterprise security strategy and regulatory requirements.

  • Rationalize the security tooling and technology stack for cost efficiency and maximum control effectiveness.

  • Establish and maintain engineering standards and best practices for security controls across all environments.

  • Manage and Oversee the implementation and integration of security tools and platforms (SIEM, EDR, Threat Intelligence, IAM, GRC, etc) to optimize Security Operations Center (SOC) efficiency and automated incident response capabilities and other security capabilities.

  • Own the data protection strategy including encryption standards, data loss prevention (DLP), and data classification framework

  • Serve as executive sponsor for data privacy compliance (GDPR, CCPA/CPRA), working closely with Legal and the Privacy Officer where applicable

  • Manage data breach response procedures including regulatory notification timelines and internal escalation protocols

  • Design and oversee the enterprise security awareness and training program, including phishing simulations, mandatory annual training, and role-based programs for global business

  • Serve as a visible internal champion for security culture, engaging business unit leaders and the Board in a manner that builds security as a business enabler

  • Provide security-focused oversight and governance for critical IT infrastructure, encompassing on-premises, cloud, and network environments.

  • Partner with the VP, Infrastructure and Technology Services to set the strategic direction and ensure secure architecture design and enhancement for networks and systems.

  • Establish and maintain engineering standards and best practices for security controls across all environments.

  • Oversee the execution of endpoint, network, and cloud security initiatives.

What We are Looking For

  • 15+ years of progressive information security experience, with a minimum of 5 years in a senior leadership role (CISO, Deputy CISO, or VP-level) at a company of comparable complexity

  • Demonstrated experience operating in or supporting a publicly reporting company, including direct engagement with SEC disclosure obligations, SOX ITGC programs, and external audit processes

  • Deep expertise across most of the core security domains: security operations and incident response, security engineering, GRC, IAM, vulnerability management, and data protection

  • Experience presenting to and advising Boards of Directors, Audit Committees, and C-suite executives on cybersecurity risk

  • Experience in incident response and crisis management, including proven track record of managing material security incidents requiring executive decision-making under pressure and coordination of external legal counsel and forensics

  • Experience operating in complex, multi-geography environments with IT and supply chain technology footprints

  • Proven success leading security programs in lean, accountable operating environments, delivering enterprise-grade outcomes through a combination of focused internal team, managed service partnerships, automation, and disciplined prioritization.

  • Proven ability to articulate complex security topics to both technical and non-technical stakeholders. 

  • Bachelor’s degree in Computer Science, Information Security, or related field; advanced degree preferred

  • Industry certifications: CISSP

  • Familiarity with emerging AI security frameworks (NIST AI RMF, ISO 42001)

Preferred

  • Industry certifications: CISM, CRISC, CGEIT, or equivalent

  • Experience with distribution, logistics, or supply chain verticals

  • Familiarity with OT/ICS security in warehouse or manufacturing environments (IEC 62443, NIST SP 800-82)

  • Prior experience as a named CISO or as subject matter expert in SEC comment letter responses

  • Experience managing cybersecurity through M&A transactions, including due diligence, integration, and post-close remediation

Other Knowledge, Skills, Abilities, and Other Characteristics (KSAO's) 

  • Extensive knowledge of legal issues related to organization liability and cybersecurity insurance trends 

  • Experience in establishing cybersecurity and risk metrics for reporting 

  • Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders 

  • Demonstrated management skills regarding budget development and administration, policy development and implementation, personnel administration, and staff training and development 

  • Demonstrated ability to work with diverse people, as well as effective oral and written communication skills 

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee, but provide the primary duties and responsibilities of the role. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

What we offer:

The base salary may vary based on experience, role tenure, performance, industry, and location. Eligibility for the annual performance incentive may apply. Jazwares is a multi-state employer, so the salary range may not apply to other states.

Our benefits package includes basic medical insurance that is 100% company-paid for employees and their children, employee basic life and AD&D insurance, a 401(K) retirement program with Jazwares matching up to 4% of pretax or post-tax deferrals, short and long-term disability, and tuition reimbursement. 

Our work environment provides a flexible work schedule that includes a Monday through Thursday on-site, with an optional WFH on Fridays, up to 20 workdays fully remote each year, and Time Off for vacation and sick leave.  Through Jazwares Cares, you will have the opportunity to volunteer for up to 16 hours a year on community service projects. 

Reasonable Accommodations   

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. 

Working at Jazwares

At Jazwares, we believe an innovative idea can come from anywhere and anyone. Through our three pillars, we foster innovation and encourage creativity in every area of our business.

  • Passion: Our conviction and enthusiasm show in our products, relationships, and commitment to our community.
  • Collaboration: We share one vision worldwide, constantly striving to improve and innovate together.
  • Humility: We recognize the value in others and treat everyone with respect. Our strength lies in our people and talent.

Don't miss out on this extraordinary opportunity to be part of the fastest-growing toy company in the industry. Connect with us today, and let's shape the future of play together! 

JAZWARES is an equal opportunity employer and does not discriminate in employment on the basis of race, color, sex, religion, national or ethnic origin, citizenship status, ancestry, disability, age, military status, marital status, sexual orientation, or any other characteristic protected by law. Jazwares is committed to providing reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities.

Who We Are

Jazwares, a Berkshire Hathaway company, is a leading global toy manufacturer with a robust portfolio of owned and licensed brands. Founded in 1997, Jazwares celebrates imaginative play with a progressive focus on identifying new and relevant trends to transform into high-quality products for consumers of all ages. Jazwares engages consumers through innovative play experiences with popular brands such as Squishmallows™, Pokémon™, Hello Kitty™, Star Wars™, Disney™, BumBumz™, and Adopt Me™. In addition to toys, offerings include virtual games, costumes, and pet products. Headquartered in Plantation, Florida, Jazwares has offices worldwide and sells its products in over 100 countries. For more information, visit www.jazwares.com and follow us on LinkedIn, X, Instagram, and Facebook.

Recruitment Safety 

Please be wary of unsolicited communications from individuals or websites you are not familiar with, or any communications requesting sensitive personal data or information. All official Jazwares employment information will come from our company email ending in @jazwares.com. Jazwares will never request any monetary payments at any point during its hiring process. If you have any questions about any unsolicited communications, you can reach out to [email protected]. We look forward to you experiencing a safe and enjoyable application process at Jazwares! 

 
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Skills Required

  • 15+ years of progressive information security experience with minimum 5 years in senior leadership (CISO, Deputy CISO, or VP-level) at comparable complexity
  • Experience operating in or supporting a publicly reporting company, including SEC cybersecurity disclosure obligations, SOX ITGC programs, and external audit processes
  • Deep expertise across core security domains: security operations and incident response, security engineering, GRC, IAM, vulnerability management, and data protection
  • Proven experience presenting to and advising Boards of Directors, Audit Committees, and C-suite executives on cybersecurity risk
  • Proven incident response and crisis management experience, including managing material security incidents and coordinating external forensics and legal counsel
  • Experience operating in complex, multi-geography environments with IT and supply chain technology footprints
  • Bachelor's degree in Computer Science, Information Security, or related field (advanced degree preferred)
  • Industry certification: CISSP
  • Familiarity with emerging AI security frameworks (NIST AI RMF, ISO 42001)
  • Experience delivering enterprise-grade outcomes through lean teams, managed services, automation, and disciplined prioritization
  • Industry certifications such as CISM, CRISC, CGEIT, or equivalent
  • Experience with distribution, logistics, or supply chain verticals
  • Familiarity with OT/ICS security in warehouse or manufacturing environments (IEC 62443, NIST SP 800-82)
  • Prior experience as a named CISO or subject matter expert in SEC comment letter responses
  • Experience managing cybersecurity through M&A transactions (due diligence, integration, post-close remediation)
  • Knowledge of legal issues related to organizational liability and cybersecurity insurance trends; ability to establish cybersecurity and risk metrics

Jazwares Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Jazwares and has not been reviewed or approved by Jazwares.

  • Healthcare Strength Healthcare coverage is described as strong, with company-paid medical for employees and comprehensive medical, dental, vision, and mental health options. Feedback suggests this elevates perceived total compensation even when base pay varies by role.
  • Retirement Support Retirement provisions include a 401(k) with company match alongside life, disability, and AD&D. Feedback suggests these staples are consistently valued within the overall package.
  • Leave & Time Off Breadth Time-off programs span generous PTO, paid holidays, bereavement leave, and parental leave. Feedback suggests the inclusion of parental leave and periodic office closures enhances the practical breadth of time away.

Jazwares Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Sunrise, FL
553 Employees
Year Founded: 1997

What We Do

Jazwares, a subsidiary of Alleghany Capital Corporation, is a leading global toy company, recently expanding into the costumes and pets category. Jazwares’ portfolio includes a variety of dynamic licensed and wholly owned brands. The Jazwares Game Studio further expands play opportunities for kids within the Metaverse. Jazwares celebrates 25 years of innovative play with expertise in design, development, and manufacturing. An award-winning company with a progressive focus on identifying new trends, Jazwares then transforms them into high-quality products for consumers of all ages. Headquartered in Sunrise, FL, Jazwares has offices around the world and sells its products in more than 100 countries. Since its inception in 1997, Jazwares continues to grow through the development of new products and the strategic acquisitions of companies. For more information about Jazwares, please visit www.jazwares.com.

Similar Jobs

In-Office
16 Locations
2653 Employees
1-2 Annually

Liberty Mutual Insurance Logo Liberty Mutual Insurance

Inside Sales Representative

Artificial Intelligence • Fintech • Insurance • Marketing Tech • Software • Analytics
Remote or Hybrid
9 Locations
40000 Employees
44K-100K Annually

CSC Logo CSC

Client Service Representative

Fintech • Legal Tech • Software • Financial Services • Cybersecurity • Data Privacy
Hybrid
Tallahassee, FL, USA
8500 Employees

Liberty Mutual Insurance Logo Liberty Mutual Insurance

Inside Sales Representative

Artificial Intelligence • Fintech • Insurance • Marketing Tech • Software • Analytics
Remote or Hybrid
8 Locations
40000 Employees
45K-85K Annually

Similar Companies Hiring

Munchkin, Inc. Thumbnail
Consumer Web • eCommerce • Food • Kids + Family • Design • Manufacturing
Milton, Ontario
325 Employees
Marble Health Thumbnail
Healthtech • Kids + Family • Social Impact • Software • Telehealth • Conversational AI
New York, New York
35 Employees
Playground (tryplayground.com) Thumbnail
Kids + Family • Payments • Social Impact • Software
New York City, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account