Senior Director of Information Security

Summary

Experienced senior management level role within the Technology Services Department focusing on information security best practices, regulatory compliance, risk management and policy development.

The Sr. Director of Information Security is responsible for providing technical leadership around ISC’s Information Security Practice. The position is a hands-on management and engineering role in the Information Systems Team. The selected candidate is expected to be able to act in leadership roles and interface with a variety of team members throughout the organization. The candidate will lead a team of security specialists focused on IT compliance and IT security. The candidate is expected to be highly experienced in Systems Administration Practices, Software as a Service Applications, and Compliance Management of SOX, PCI DSS, FRCP, PII (including HIPAA) and others. Requires one of two industry-recognized certification credentials: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Certification as an Ethical Hacker is a plus but not required.


Responsibilities

Information Security Expert

  • Serve as an internal information security consultant to the organization, monitoring advancements in information security technologies.

  • Monitor changes in legislation and accreditation standards that affect information security. Stay abreast of the latest thinking, technologies, and security literature.

  • Initiate, facilitate, and promote activities to foster information security awareness within the organization.

Security Management/Leadership

  • Ability to lead a team of direct reports responsible for Access Administration and Security Analyst functions.

  • Ability to lead cross-functional teams from Human Resources, Legal, Marketing, Technology and others in the management of day-to-day activities associated with Information Security.

  • Ability to lead cross-functional project teams in the fulfillment of a project initiative.

  • Work with the broader team to complete the annual PCI compliance and certification process.

  • Point of contact for the cyber liability insurance carrier. Work closely with our Risk team to stay aligned on renewals, changes, etc.

  • Prepare key management reporting relating to the state of IT security for quarterly ISC audit committee updates.

  • Accountable for management of annual ISC security awareness training.

  • Prepare the annual operating and capital budget for IT Security. Review monthly expenses and ensure forecasts accurately represent anticipated spend.

  • Lead the IT Security Compliance Steering Committee. Engage the committee on relevant IT security concerns that may impact the business.

Secure Systems Management

  • Ability to plan and organize work consistent with the strategic goals of ISC.

  • Identify priority activities and assignments and ensure the effective monitoring and implementation of work plans.

  • Review all system-related information security plans throughout the organization's network.

  • Monitor and report IT security events, incidents, and vulnerabilities.

  • Ensure the integrity of host computers, servers, databases, laptops, firewalls and other devices for secure data transfer.

  • Troubleshoot and repair information security tool implementations.

  • Assist efforts to determine information security frameworks, requirements, direction and system recommendations.

  • Maintain existing capabilities, make recommendations, and implement appropriate up-to-date security technologies (such as encryption, anti-virus software, etc.) as needed.

  • Configure existing technologies to solve operational issues.

Internal Control Management

  • Monitor internal IT control systems to ensure that appropriate information access levels and security clearances are maintained.

Risk Assessment

  • Perform information security risk assessments and serve as the internal auditor for information security processes.

  • Perform annual penetration testing and risk assessments against assets and processes.

Disaster Recovery/Business Continuity

  • Assist in preparing the organization's disaster recovery and business continuity plans for information systems.

Policy and Procedure

  • Document the information security policies and procedures.

  • Implement the organization's information security policies and procedures.

  • Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and refer problems to the appropriate department managers or administrators.

Documentation

  • Compile, deliver, and maintain security/compliance documentation for internal and external consumption.

Additional responsibilities as assigned by management.


Qualifications

Technical Skillsets

  • Competent with IDS/IPS systems operations

  • Competent with Application and Infrastructure Scanning Systems

  • Competent with Data Loss Prevention Products

  • Competent with Internet Filtering Products

  • Competent with Identity Management Solutions

  • Competent with Security Log Management Solutions

  • Capable of performing organization Information Systems Risk Assessment

  • Capable of performing organization Attack and Penetration Testing

  • Capable of coordinating Sarbanes-Oxley Act Compliance Management

  • Capable of coordinating Payment Card Industry Compliance Management

  • Capable of coordinating Health Insurance Portability and Accountability Act Compliance Management

  • Capable of coordinating Litigation Data Preservation Actions in accordance with the Federal Rules of Civil Procedure and associated rulings

  • Capable of coordinating compliance actions associated with other compliance regulations

Professionalism

  • Professional competencies in computer engineering or related field of work

  • Conscientious and efficient in meeting commitments, observing deadlines and achieving results

  • Able to work independently with minimum supervision

  • Capable of preparing reports and papers on technical issues

  • Proven analytical skills to arrive at sound conclusions when dealing with complex issues

  • Ability to contribute to the development of policies and to interpret procedures and guidelines

Communication

  • Excellent skills in communicating with people from different backgrounds and technical abilities

  • Ability to communicate to Executive Leadership

  • Ability to communicate complex technical items to non-technical individuals in a succinct and clear fashion

Customer Orientation

  • Skillful in identifying customer needs and establishing and maintaining effective relationships with internal and external stakeholders

Decision-making

  • Ability to make sound and timely decisions


Education & Experience

  • Bachelor’s degree or an equivalent combination of education and experience.
  • 5 years of experience with Information Security in a large enterprise environment. Ideally the candidate will have previous experience as a systems administrator and security analyst at the senior level.


Certification Requirements

  • Requires one of two industry-recognized certification credentials: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). Certification as an Ethical Hacker is a plus but not required.