Director of Cyber Security

Company Overview

Imagine Everything. Build the Future with Hexion.

At Hexion, we push boundaries, rethink possibilities, and create real impact. We activate science to deliver progress—developing breakthrough solutions that strengthen industries, protect communities, and drive a more sustainable future.

This is where bold thinkers, problem-solvers, and innovators come together to shape what’s next. Whether you're engineering advanced materials, transforming manufacturing technologies, or leading strategic innovation, your ideas and actions leave a lasting mark. We cultivate an inclusive culture of growth, collaboration, and accountability, ensuring every contribution propels us forward.

We don’t follow the status quo—we challenge it, disrupt it, and improve it. Every role at Hexion is part of something bigger.

We invest in innovation, sustainability, and continuous development—equipping you with the tools, training, and opportunities to excel. With an unwavering commitment to safety, partnership, belonging, and impact, we empower you to lead change and strengthen industries worldwide.

Your Future Starts Here.  

If you’re ready to push limits, reimagine what’s possible, and create the extraordinary, Hexion is where you belong. 

Anything is possible when you imagine everything. 

Position Overview

The Director of Cyber Security is responsible for Hexion’s Cyber Security program. That will involve identifying, evaluating and reporting on cyber security risk to information assets, while supporting and advancing business objectives.  This position will partner with the CIO to update the Hexion Board of Directors, SLT, Enterprise Risk Management team, and the entire Hexion organization regarding our cyber risk, consistently identified as a top 10 risk for the company each year. 

The Director of Cyber Security position requires a visionary leader with sound knowledge of business management and a working knowledge of cyber security technologies covering the corporate network as well as the broader digital ecosystem. This role is responsible for establishing and maintaining the cyber security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the global digital ecosystem in which we operate. The Director will have a firm grasp of the entire Hexion Enterprise Architecture and partner with all levels of the organization for the cyber impact of changes to said environment.  Requires a firm knowledge of overall Hexion Infrastructure, Service Desk, Servers & Storage, Workplace Services, Network, and various enterprise applications across the Hexion landscape. 

A key element of the role is working with stakeholders to determine acceptable levels of risk for the organization. This individual will proactively work with our Managed Services Provider, IT personnel and the business to implement practices that meet agreed-on policies and standards for cyber security. The Director of Cyber Security will understand and articulate the impact of cyber security on the business and be able to communicate this to the stakeholders such as IT Leadership, Senior Leadership Team and the Board of Directors. 

Job Responsibilities

Establish Governance and Build Knowledge :

• Acts as the CISO for Hexion, across all areas of Cyber Security and Governance 
• Strategic Leadership & Governance: Define and drive the company’s enterprise-wide information security strategy, aligning with corporate goals and regulatory requirements, while fostering a risk-aware culture across global operations. 
• Cybersecurity Architecture & Operations: Oversee design, implementation, and continuous improvement of security architecture, threat detection, incident response, and data protection programs to safeguard critical manufacturing systems, IP, and business data. Liaises with the enterprise architecture to build alignment between the security and enterprise (reference) architectures, thus ensuring that cyber security requirements are implicit in these architectures and security is built in by design 
• Compliance & Risk Management: Ensure compliance with industry regulations (e.g., NIST, ISO 27001, GDPR, CISA directives), conduct regular risk assessments, and lead mitigation initiatives to reduce business exposure. 
• Collaboration & Stakeholder Engagement: Partner with IT, Legal, Operations, and Executive teams to integrate security into digital transformation efforts, supply chain security, and enterprise systems across global sites. 
• Team Leadership & Vendor Oversight: Build and lead a high-performing cybersecurity team; manage third-party security vendors and MSSPs to deliver effective, scalable, and cost-efficient security operations 
• Provides regular reporting on the status of the cyber security program to CIO, IT Senior Leadership team, enterprise risk teams, senior business leaders, and Board of Directors as part of a strategic enterprise risk management program, thus supporting business outcomes. 
• Develops, socializes, and coordinates approval and implementation of global security policies in collaboration with the Governance, Risk and Compliance Team. 
• Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. 
• Develops the Hexion Cyber Roadmap and updates as appropriate. 

Cyber Security Training and Awareness :

• Oversee security campaigns to spread security awareness, emphasizing best practices and employee involvement. Leads global town halls on various cyber topics, such as the annual remembrance of the cyber outage from 2019. 

Operations Management :

• Manages outcomes of Cyber service provider, including overseeing governance activities, resourcing, and deliverables. Acts with broad authority when necessary to resolve cyber emergencies which may result in a global impact. Reviews escalated operational changes for security impact and approves changes. Partner with cyber security lead from service provider to ensure services are being delivered effectively, and in a timely manner.  Serve as an escalation point for issues / concerns related to service delivery. 
• Sets strategy and direction for the Service provider.  Must have in depth technical knowledge of the Hexion environment to approve changes to the environment and identify, then stand firm with the service provider to correct when off track. 
• Oversees and participates in investigations of cyber fraud, 3rd party compromise, privacy or other cyber events 

Minimum Qualifications

Educational Background: 

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field (Master’s preferred). 
• Professional certifications such as CISSP, CISM, CISA, or GIAC required; CIP or CCSP a plus. 

Experience: 

• Minimum 15 years of IT experience, with at least 7–10 years in senior security leadership roles. 
• Proven track record managing enterprise-wide security programs in complex, regulated environments—preferably in manufacturing, chemical, pharma, or industrial sectors. 
• Experience with OT/ICS (Operational Technology/Industrial Control Systems) cybersecurity is strongly preferred. 
• Understanding of audit processes, procedures, external compliance standards/regulations and IT internal control frameworks / structures 

Technical Expertise: 

• Deep understanding of cybersecurity frameworks (NIST, ISO/IEC 27001), risk management, threat intelligence, and incident response. 
• Familiarity with securing ERP systems (e.g., SAP), cloud platforms, industrial networks, and IoT devices in manufacturing settings. 
• Knowledge of data privacy laws, export control, chemical sector-specific compliance mandates (e.g., CFATS, TSCA), and supply chain cybersecurity. 
• Previous experience in an ITIL or managed services environment 
• Basic knowledge of IAM standards such as OAuth/OpenID, SAML, SCIM, and LDAP 

Leadership & Communication: 

• Strong business acumen with the ability to communicate complex security topics clearly to the Board and non-technical stakeholders. 
• Demonstrated experience building and leading diverse, global security teams and driving cultural change toward cybersecurity awareness.

Other

We are an Equal Opportunity, Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to gender, pregnancy, race, national origin, religion, age, sexual orientation, gender identity, veteran or military status, status as a qualified individual with a disability or any other characteristic protected by law.

To be considered for this position candidates are required to submit an application for employment through our career site and, be at least 18 years of age.  Any offer of employment will be conditioned upon successful completion of a drug test and background investigation, as well as authorization for the Company to conduct additional periodic background checks as required by the Chemical Facility Anti-Terrorism Standards (CFATS) or regulations adopted by the department of Homeland Security or other regulatory agencies. A prior criminal record is not an automatic bar to employment, and the Company will conduct an individualized assessment and reassessment, consistent with applicable law, prior to making any final employment decision.