The Director of Information Security is responsible for overall security strategy, executing information security, and recommending best practice for infrastructure and application security. In this capacity, the Director of Information Security will identify and implement security practices, policies, and solutions. In addition, the Director of Information Security will act as a thought leader in security, keeping Colleagues and Executives educated.
Responsibilities / Essential Duties:
- The Director of Information Security supervises professional, technical and support staff as assigned.
- Maintains deep knowledge of the managed sub-function and solid knowledge of the overall departmental function.
- Establishes and administers the overall strategies and procedures for the information security function.
- Develops and implements information security and disaster recovery programs in accordance with organizational information security standards.
- Lead responses to and recoveries from security incidents.
- Evaluates information risk on a regular time schedule and promotes information security awareness within the organization.
- Identifies and proposes security solutions; approves requirements and oversees trials and evaluations.
- Creates functional strategies and specific objectives for the sub-function and develops budgets/policies/procedures to support the functional infrastructure.
- Deliver management and executive level KRI, KPI, and SLA reporting regarding security, risk, and effectiveness of mitigation.
- Establish and maintain a strong working relationship with peers, executives, and appropriate third parties.
- Provide off-hours support on an as needed basis.
- Set accurate expectations and meet deliverable deadlines while working in a team and information sharing environment.
Required Skills / Knowledge:
- High degree of initiative, dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgement and maturity.
- Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA and deep knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act, and EU General Data Protection Regulation (GDPR).
- Experience in designing and managing new and existing security systems.
- Ability to advise infrastructure and applications staff in securing their respective environments.
- Exhibit strong written and verbal communication skills, interpersonal and collaborative skills.
- Strong ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs.
- Ability to create and deliver presentations on security topics to large audiences such as User Groups and Conferences.
Education / Previous Experience:
- Bachelor’s degree in Computer Science, Information Technology or related field. Master’s degree preferred.
- A minimum of 10 years’ experience in Information Security, risk assessment, secure architecture, vulnerability management, and IT audit
- A minimum of 5 years’ experience in cloud security, agile development practices, and the software industry
- Demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including executive management, IT leaders, and technology vendors
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP) or similar credentials, is preferred
- Strong written and verbal communication skills
- Ability to maintain calmness and clarity of thought under pressure and ability to maintain confidentiality
- Hands-on experience with at least 5 of the following: vulnerability scanning, firewall, antivirus & malware analysis, proxy, IDS/IPS, log correlation tools, SIEM, DLP, NAC, and application firewall solutions
- Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings
- Good technical writing, documentation, and communication skills are required
- Some travel and international travel required