Information Security Officer

About Us

Elementis is a global specialty chemical company, with 1,300 employees operating 17 manufacturing sites across the globe. At Elementis, we bring a distinctive combination of expertise, innovation, and teamwork to every formulation challenge. We create high-value specialty additives that enhance the performance of our customers' products and make a positive change in the world. Combining our leading positions in the science of materials flow, surface modification, and formulation with access to unique natural materials, Elementis delivers unique chemistry, sustainable solutions to customers in a wide range of markets, including cosmetics, anti-perspirants, decorative and industrial coatings, automotive and ceramics.

Job Description Summary

The Information Security Officer plays a pivotal role in safeguarding the digital assets, systems, and data of the organization. Reporting to the Information Security Manager, will be a key part of the team responsible for ensuring that security controls are effective, scalable, and aligned with business objectives across a global and diverse footprint, that comprises cloud, and on-premises (office, remote, manufacturing, and laboratory, etc.) environments.
This position is embedded on a team that acts as a trusted advisor to IT and business stakeholders, providing expert guidance on risk mitigation, compliance (ISO27001, NIS2, etc.) and secure operations. This role requires a proactive mindset, very strong technical acumen, and the ability to influence cross-functional teams to uphold the highest standards of cybersecurity.

Job Description

Responsibilities

1. Security Operations
- Engage in security investigations and reviews following the identification of anomalies and breaches of security controls.
- Compose recommendations for the implementation of appropriate control enhancements, collaborating with other colleagues and external experts, as necessary.
- Conduct a comprehensive review of security risks across Elementis and collaborate with the business to prioritize any required remediation actions.
- Contribute to the maintenance of the security risk register and associated action plans.
- Follow up with action owners to ensure that agreed-upon actions have been completed, providing support and guidance as required.

2. Security Compliance and Control
- Ensuring that security activities adhere to sound practices and applicable regulations is paramount.
- Stay abreast of the latest security trends, developments, and best practices.
- Become an integral component of the information security management system and certification process.
- Assume responsibility for designated security subsystems and processes. Specifically, assume ownership of the comprehensive security/roles changes and audit processes of certain internal enterprise systems (e.g., ERP systems).
- Lead the transformative process of critical information security pipelines.

3. Advice and support
- Be capable of providing specialist information security input and advice to ensure that the security opportunities and vulnerability risks are identified and managed.

Job Competencies
- Risk Management: Information security entails a continuous identification and management of risks.

To effectively perform this role, the individual must possess a comprehensive understanding of the IT infrastructure and software, enabling them to pinpoint potential risks and implement strategies to enhance the overall IT environment.
- Collaboration and Influencing: within an effective security environment, the collective efforts of numerous individuals within an organization are instrumental in achieving success.

This role entails training, guidance, team playing and influencing colleagues across IT and Elementis to prioritize security measures and implement appropriate actions to effectively mitigate security risks.
- Planning and adaptability: Planning and alignment are fundamental components of enhancing the security environment. However, it is equally crucial to incorporate an element of flexibility and continuous adaptability. This is because criminals are constantly evolving and refining their attacks and tactics.

Decision making
- The role captures business needs, and challenges, translating those into technical requirements or actionable items.
- The role influences the shape of the IT Security roadmap by providing insights through analysisThis role has autonomy to assign priority-order to the user requests and tickets raised.

Technical Knowledge and Skills
- Comprehensive understanding of cybersecurity techniques, controls, and frameworks, both in operational technology (OT) and information technology (IT) environments.
- Proficiency in intrusion detection tools and techniques.
- Expertise in incident response within a multi-location and complex environment.
- In-depth knowledge of security accreditation processes, guidelines, and regulatory compliance.
- Familiarity with other IT areas, including net