Summary
The Director of Information Security will be responsible for creating and executing strategies to ensure overall security of company systems. This role will collaborate with multiple departments, such as ITS, Product, Development, Legal, and Human Resources, to determine proper protocols, policies, audits, and training programs to meet the company’s goals. This strategic and tactical position reports to the General Counsel.
Responsibilities
- Serve as the cybersecurity risk and information security subject matter expert for the company
- Lead the company’s information security strategy and implementation to create a competitive advantage and be our customer-facing “security expert”
- Work with Product, Development, and Infrastructure to assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
- Develop, enhance, implement, and monitor a strategic, comprehensive enterprise information security and cyber risk management program
- Ensure policies, procedures, and protocols are being executed, and amend them as necessary to adhere to the latest legal requirements for information governance, security, and privacy mandates
- Work directly with the business units to facilitate risk assessment and risk management processes and ensure policies, procedures and protocols are being executed
- Participate in deployment of security technologies and program enhancements and ensure that resources are allocated correctly and efficiently
- Continuously monitor the changing threat landscape of cybersecurity threats and vulnerabilities and appropriately respond to them
- Develop strategies to handle security incidents and work with stakeholders to maintain a robust incident response plan, in conjunction with the company’s DR/BCP
- Lead the identification, reporting, and response to information security incidents and coordinate security investigations and/or recommended courses of action
- Provide leadership, training and guidance to staff members and develop education programs on user awareness and security compliance for internal and external stakeholders
- Partner with business stakeholders across the company to raise awareness of risk management concerns and develop mitigation strategies
- Oversee audits of systems, including SOC 1 & 2 certification processes and other security certifications/assessments, and perform deep-dive analyses to address vulnerabilities and threat assessments
- Assist in preparing financial forecasts and budgets for security operations and manage outsourced IT support providers
- Develop metrics for measuring and improving the effectiveness of the overall information security plan and report them to the applicable executive management team members
- Prepare technical reports and business presentations for executive management and other stakeholders
- Perform ad-hoc projects and other duties as assigned
Professional Skills
These are the professional skills we would expect from an individual fully established in this role.
- Customer Service – Advanced
- Verbal Communication – Advanced
- Written Communication – Advanced
- Teamwork – Advanced
- Relationships – Advanced
- Negotiation – Advanced
- Organizational Awareness – Advanced
- Learning Agility – Expert
- Analysis – Expert
- Problem Solving – Expert
- Process Orientation – Expert
- Prioritization – Expert
Role Specific Skills
- Knowledge of the Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment
- Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies
- Experience securing and navigating cloud platforms, such as AWS (Amazon Web Services), Azure, or GCP (Google Cloud Compute) platforms
- Knowledge of common operating systems (e.g. Windows, Linux), endpoint security principles, and networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM) and cloud security monitoring technologies; and the desire to remain technically hands-on while also operating on a strategic level
- Computer Skills: Advanced proficiencies in Microsoft Word, Excel, PowerPoint, Outlook required
People Management Skills
- Proficient in all people management processes, including recruitment, performance management and reward
- Proficient in building, growing and developing a team; including department structure design and resourcing
- Proficient in coaching and developing individual team members to reach their potential
- Proficient in engaging multiple teams through communication, processes, personal impact and influence
Qualifications
Minimum Qualifications
- Bachelor’s degree required
- Master’s Degree preferred
- 5+ years of experience in IT security
- 3 years of management experience preferred
Other Relevant Qualifications
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification required