Director, Information Security

Company Overview

The National Association for Stock Car Auto Racing (NASCAR) is the sanctioning body for the No. 1 form of motorsports in the United States and owner of 16 of the nation’s major motorsports entertainment facilities. NASCAR consists of three national series (NASCAR Cup Series™, NASCAR Xfinity Series™, and NASCAR Gander RV & Outdoors Truck Series™), four regional series (ARCA Menards Series, ARCA Menards Series East & West and the NASCAR Whelen Modified Tour), one local grassroots series and three international series. The International Motor Sports Association™ (IMSA®) governs the IMSA WeatherTech SportsCar Championship™, the premier U.S. sports car series. NASCAR also owns Motor Racing Network, Racing Electronics, Americrown Service and ONE DAYTONA. Based in Daytona Beach, Florida, with offices in eight cities across North America, NASCAR sanctions more than 1,200 races in more than 30 U.S. states, Canada, Mexico and Europe. For more information visit www.NASCAR.com and www.IMSA.com, and follow NASCAR on FacebookTwitterInstagram, and Snapchat (‘NASCAR’)

Job Description

NASCAR seeks a talented professional to join in the position of Director of Information Security. This positionis responsible for providing technical leadership around NASCAR's Information Security Practice. The selected candidate is a hands-on management; responsible for development, implementation and management of information security for this enterprise. Collaborative leader is number one requirement.

The selected candidate is expected to be able to act in leadership roles and interface with a variety of team members throughout the organization. The candidate will lead a team of security specialists focused on Technology compliance and Technology security. Candidate is expected to be highly experienced in Systems Administration Practices, Software as a Service Applications and Compliance Management of SOX, PCI DSS, FRCP, PII (including HIPAA) and others.

Organization: Information Security

Reports to Vice President Enterprise Technology and directs the teams and functions of incident response, operations, engineering, identity and access management, and application security; establishes the information security strategy and develops roadmaps to help mitigate information risk.

Essential Duties and Responsibilities include the following:

Information Security Expert

  • Serve as an internal information security consultant to the organization monitoring advancements in information security technologies
  • Monitor changes in legislation and accreditation standards that affect information security. Stay abreast of the latest thinking, technologies, and security literature.
  • Initiating, facilitating, and promoting activities to foster information security awareness within the organization.

Security Management/Leadership

  • Ability to lead a team of direct reports responsible for Access Administration and Security Analyst functions.
  • Ability to lead cross functional teams from Human Resources, Legal, Marketing, Technology and others in the management of day to day activities associated with Information Security.
  • Ability to lead cross functional project teams in the fulfillment of a project initiative.
  • Responsible to work with broad team to complete annual PCI compliance and certification process.
  • Point of contact for cyber liability insurance carrier. Work closely with our Risk team to stay aligned to renewals, changes, etc.
  • Prepare key management reporting relating to the state of IT security for quarterly NASCAR audit committee updates.
  • Accountable for management of annual NASCAR security awareness training.
  • Prepare the annual operating and capital budget for IT Security. Review monthly expenses and ensure forecasting is accurate representing anticipated spend.
  • Lead the IT Security Compliance Steering committee. Engage the committee on relevant IT security concerns that may impact business.

Secure Systems Management

  • Ability to plan and organize work consistent with the strategic goals of NASCAR.
  • Identify priority activities and assignments and to ensure the effective monitoring and implementation of work plans.
  • Reviewing all system-related information security plans throughout the organization's network.
  • Monitoring and reporting of IT security events, incidents, and vulnerabilities.
  • Ensure the integrity of host computers, servers, databases, laptops, firewalls and other devices for secure data transfer.
  • Troubleshoot and repair information security tool implementations.
  • Assist efforts to determine information security frameworks, requirements, direction and system recommendations.
  • Maintain existing capabilities, make recommendations and implement appropriate up to date security technologies  such as encryption, anti-virus software etc. as needed.
  • Configure existing technologies in an effort to solve operational issues.

Internal Control Management

  • Monitor internal IT control systems to ensure that appropriate information access levels and security clearances are maintained.

Risk Assessment

  • Performing information security risk assessments and serving as the internal auditor for information security processes.
  • Perform annual penetration testing and risk assessments against assets and processes. Disaster Recovery/Business Continuity
  • Assist in preparing the organization's disaster recovery and business continuity plans for information systems. Policy and Procedure
  • Documenting the information security policies and procedures.
  • Implementing the organization's information security policies and procedures.
  • Monitoring compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and referring problems to appropriate department managers or administrators.  

Documentation

  • Compile, deliver, and maintenance of security/compliance documentation for internal and external consumption.

Additional responsibilities as assigned by management.

Supervisory Responsibilities

Directly supervises assigned staff.  Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws.  Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

Education and/or Experience

Bachelor’s degree (B. A.) from four-year college or university; or one to two years related experience and/or training; or equivalent combination of education and experience.

  • 10 or more years of experience in Information Security with minimum of 7 years leadership experience.
  • Excellent coaching, management, technical, and analytical skills.
  • Ability to plan, direct and control security programs and initiatives.
  • Quick and effective assessment and judgment skills.
  • Experience with Auth0 and AlertLogic a plus
  • Experience with Splunk a plus
  • Experience with PaloAlto a plus
  • Experience with ServiceNow a plus
  • Able to work independently and consultatively to interpret and apply rules, regulations, policies and procedures.
  • Demonstrate current knowledge of industry trends, standards and technologies.
  • Excellent oral, written and communication skills is important in collaborating with colleagues and other teams across the NASCAR organization.
  • Ability to handle stress and work under pressure with professionalism.
  • Ability to meet deadlines, self-motivated and self-managed.
  • Ability to present to large groups and executive leadership
  • Strong Technical Skillsets
  • Competent with IDS/IPS systems operations
  • Competent with Application and Infrastructure Scanning Systems
  • Competent with Data Loss Prevention Products
  • Competent with Internet Filtering Products
  • Competent with Identity Management Solutions
  • Competent with Security Log Management Solutions
  • Capable of performing organization Information Systems Risk Assessment
  • Capable of performing organization Attack and Penetration Testing
  • Capable of coordinating Sarbanes Oxley Act Compliance Management
  • Capable of coordinating Payment Card Industry Compliance Management
  • Capable of coordinating Health Insurance Portability and Accountability Act Compliance Management
  • Capable of coordinating Litigation Data Preservation Actions in accordance with the Federal Rules of Civil Procedure and associated rulings
  • Capable of coordinating compliance actions associated with other compliance regulations Professionalism
  • Professional competencies in computer engineering or related field of work
  • Conscientious and efficient in meeting commitments, observing deadlines and achieving results
  • Able to work independently with minimum supervision
  • Capable of preparing reports and papers on technical issues
  • Proven analytical skills to arrive at sound conclusions when dealing with complex issues
  • Ability to contribute to the development of policies and to interpret procedures and guidelines Communication
  • Excellent skills in communicating with people from different backgrounds and technical abilities
  • Ability to communicate to Executive Leadership
  • Ability to communicate complex technical items to non-technical individuals in a succinct and clear fashion Customer Orientation
  • Skillful in identifying customer needs and establishing and maintaining effective relationships with internal and external stakeholders Decision-making

Certificates, Licenses, Registrations

  • Requires one of two industry recognized certification credentials: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  • CEH: Certified Ethical Hacker

Apply Now:

Learn more about this role and our team by applying at www.careers.nascar.com for consideration. 

We are a company unlike any other. At NASCAR, you will find a community of passionate individuals who care about the sport and are united in seeing it grow. We want you to bring your experience, skills and passion to our close-knit, high-energy environment in which our employees thrive and where you can prosper. We know the key to our success is our employees and we offer highly competitive salaries, a solid benefits package focused on wellness, and opportunities for you to grow and develop both personally and professionally. It won’t take you long to find out that you are on the right track here at NASCAR!

NASCAR is committed to fostering a diverse work environment where all employees feel valued and empowered. NASCAR is an Equal Opportunity Employer (EEO). We seek to attract and retain the best qualified people available. All qualified applicants will receive consideration for employment without regard to race, color, gender, gender identity and expression, age, national origin, disability, religion, sexual orientation, genetic information, pregnancy, veteran status or any basis that is protected by applicable law except where a bona fide occupational qualification exists.