Director | Information Security

Job Description:

The InformationSecurityDirectoris responsible for the development and oversight of a comprehensiveinformationsecurity compliance and privacy program. The scope of this position is global and requires a working knowledge of the various regulations. This role is responsible for the integration of IT systems withsecuritypolicies andinformationprotection strategies. The role is also responsible for developing maintaining and publishing privacy andinformationsecuritystandards procedures and guidelines for use within the IT organization. This position will require some day-to-day hands on management of the various applications used forinformationsecurity companywide. The candidate will make suresecuritypolicies standards and procedures are established and enforced. The candidate must be prepared to provide presentations to Audit Committee on companysecurityposture exhibiting professionalism and maturity at all times.

Job Responsibilities include (but are not limited to):

• Develops and maintains a risk strategy that formalizes risk into a comprehensive program for management to assess areas of concern.
• Maintains a governance program that ensures allInformationSecuritycontrols are adequately maintained and reported.
• Works with business teams to maintaininformationsecuritypolicies procedures and standards and assists the various departments and practice groups in adhering to them
• Develops publishes and maintains a comprehensive organization-wideinformationprivacy andsecurity strategy plans policies procedures and guidelines.
• Manages the development implementation and maintenance ofsecuritypolicies standards and guidelines.
• Directs the development and enforcement ofinformationsecurityand privacy policies in compliance with federal and state regulations and standards.
• Coordinates the development of an ongoinginformationsecurityawareness and knowledge program to ensure that employees are aware of threats and how to help ensure privacy of company information.
• Identifies currentsecurityinfrastructure and defines what kind ofsecuritymust be designed and implemented in order to meet organization requirements.
• Work with legal to ensure data protection practices are consistent with international regulatory requirements.
• Researches and maintains proficiency in tools techniques countermeasures and basic trends in computer and network threats and exploits.
• Maintains appropriatesecuritymeasures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted clientinformationand reasonably protects against anticipated threats and vulnerabilities
• Conducts risk analysis and assessments to ensure there are solutions in place to mitigate those risks.
• Assists in the responses to RFIRFPs and securityrelated concerns.
• Provides management with up to dateinformationon the different threats andsecurityvulnerabilities that the organization may face.
• Ensures compliance through adequate training programs and oversight of periodic internalsecurityaudits.
• Serves as active participant in InformationSecuritySteering Committee and serves as IT owner for security-related incident responses

Technical Skills Required:

The successful candidate must possess a strong understanding of the following:

• Technical implications ofsecuritythreats and vulnerabilities
• Technical analysis and evaluation of network andsecurityvulnerabilities and managingsecuritysystems such as anti-virus firewalls patch management intrusion detection and encryption
• Vulnerability scanning intrusion detection anomaly detection and associated technologies
• Intrusion DetectionPrevention Systems firewalls ACLs and encryption technologies
• Tools techniques and standards used to conduct penetration testing of networks and applications
• The latestinformationsecuritythreats & vulnerabilities and appropriate countermeasures
• Best Practices related toinformationcomputer forensic investigation processes and techniques
• TCP/IP and other related protocols

Soft Skills Required:

The successful candidate must possess the following soft skills:

• Must be an intelligent articulate consensus building and persuasive leader who can serve as an effective member of the senior management team and communicateinformationsecurity-related concepts to a broad range of technical and non-technical staff
• Must demonstrate the ability to maintain strict confidentiality of company internal and personnel affairs.
• Ability to manage multiple concurrent objectives or activities and effectively make judgments in prioritizing and time allocation in a high-pressure environment
• Ability to deal with changes and adapt to a changing environment
• Ability to work well with others harness different skills and experience and build a strong sense of team spirit
• Highly self-motivated and directed
• Ability to work in a multi-office environment and willingness to travel to other offices as required
• Excellent verbal communication and writing skills
• Presentation Skills Prepare and deliver formal and informal presentations to illustrate ideas solutions and issues to upper management
• Intermediate project management experience
• Must have strong documentationtechnical writing skills

Education and Experience:

• The candidate must have extensive experience ininformationsecuritywith a technical background in computer science mathematics engineering or a related field.
• This technical background must be balanced with effective management skills because the Director of InformationSecuritymust interact with people at all levels of the organization.
• Experience with disaster recovery planning and testing auditing risk analysis business resumption planning and contingency planning
• Bachelors degree in Computer Science Engineering Mathematics or related disciplines (or equivalent experience)
• 10 years practical experience in ITsecurityrelated positions (ITSecurityDirector ITSecurityManager SecurityAuditorSecurityAnalyst etc.)
• CISSP CISM CISA CEH ITIL and Project Management certifications preferred.