Director, Information Security
The Director of Information Security will be responsible for developing, implementing & monitoring a strategic, comprehensive enterprise cybersecurity & IT risk management program. The Director will also provide the vision & leadership necessary to manage the risk to the organization & ensure business alignment, effective governance, system & product availability, integrity & confidentiality.
Duties & Responsibilities
- Provide the direction for company data & cybersecurity protection & oversee Technology governance & policies.
- Develop company security strategy, security awareness programs, security architecture, & security incident response.
- Provide strategic risk guidance for IT projects, including evaluation & recommendation of technical controls.
- Educate IT leaders on appropriate security risk & mitigation strategies.
- Collaborate with IT compliance team(s) as needed & coordinate the IT component of both internal & external audits to ensure security programs are in compliance with relevant laws, regulations & policies.
- Develop, maintain & publish up-to-date security policies, standards & guidelines.
- Oversee training & dissemination of security policies & practices.
- Evaluate new cybersecurity threats & IT trends & develop effective security controls.
- Oversee development of security awareness programs.
- Develop & oversee effective disaster recovery policies & standards to align with company business continuity management program goals.
- Coordinate development of implementation plans & procedures to ensure business critical services are recovered in the event of disasters or other incidents, & provide direction, support & in-house consulting in these areas.
- Evaluate potential security breaches, coordinate response, & recommend corrective actions.
- Supervise staff as assigned in the performance of the job duties.
- Define & report on information security metrics.
- Provide project management & leadership to staff & external resources in support of established goals & objectives, improved efficiencies, & problem resolution.
- Ensure accomplishment of all objectives in accordance with company policies, procedures, & strategic direction, as well as regulatory standards.
- Maintain current knowledge of industry & regulatory trends & developments for the enterprise technology.
Knowledge & Skills
- Security/Network Architecture
- Practices & methods of security architecture, enterprise architecture & IT strategy
- Security architecture definition & development
- Security concepts related to routing, DNS, VPN, authentication, DDoS mitigation technologies/tools & proxy services
- Firewall & other security tools & technologies
- Intrusion prevention & detection protocols
- Networking concepts related to TCP/IP, switching & routing
- Security infrastructure & network configuration
- Cloud Computing Platforms
- Active Directory
- Compliance Frameworks
- Strong emotional intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
- Demonstrated management skills, e.g., budget development & administration, policy development & implementation, personnel administration, staff training and development.
- Demonstrated ability to work with diverse people; effective oral & written communication skills.
- Knowledge of Information Technology Infrastructure Library (ITIL) with respect to security administration & information technology governance in a multi-platform environment.
- Ability to establish priorities, work independently, & proceed with objectives without supervision.
- Ability to perform problem determination & escalation.
- Excellent verbal & written communication skills with customers & co-workers.
Credentials & Experience
- Bachelor's degree from an accredited institution, with degree preferred in Computer Science or Information Technology Systems Security or related field. Master's degree preferred.
- Minimum of five (5) years of experience in the field related to the title of the position.
- Certified Information Systems Security Professional (CISSP) Certification preferred.
- Experience in establishing cybersecurity & risk metrics for reporting.