Director | Information Security

Job Description:

The Information Security Director is responsible for the development and oversight of a comprehensive information security, compliance and privacy program. The scope of this position is global and requires a working knowledge of the various regulations. This role is responsible for the integration of IT systems with security policies and information protection strategies. The role is also responsible for developing, maintaining, and publishing privacy and information security standards, procedures, and guidelines for use within the IT organization. This position will require some day-to-day, hands on management of the various applications used for information security companywide. The candidate will make sure security policies, standards and procedures are established and enforced. The candidate must be prepared to provide presentations to Audit Committee on company security posture exhibiting professionalism and maturity at all times.

Job Responsibilities include (but are not limited to):

• Develops and maintains a risk strategy that formalizes risk into a comprehensive program for management to assess areas of concern.


• Maintains a governance program that ensures all Information Security controls are adequately maintained and reported.


• Works with business teams to maintain information security policies, procedures, and standards and assists the various departments and practice groups in adhering to them


• Develops, publishes, and maintains a comprehensive organization-wide information privacy and security strategy, plans, policies, procedures, and guidelines.


• Manages the development, implementation, and maintenance of security policies, standards, and guidelines.


• Directs the development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards.


• Coordinates the development of an ongoing information security awareness and knowledge program to ensure that employees are aware of threats and how to help ensure privacy of company information.


• Identifies current security infrastructure and defines what kind of security must be designed and implemented in order to meet organization requirements.


• Work with legal to ensure data protection practices are consistent with international regulatory requirements.


• Researches and maintains proficiency in tools, techniques, countermeasures, and basic trends in computer and network threats and exploits.


• Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted client information and reasonably protects against anticipated threats and vulnerabilities


• Conducts risk analysis and assessments to ensure there are solutions in place to mitigate those risks.


• Assists in the responses to RFI\RFPs and security related concerns.


• Provides management with up to date information on the different threats and security vulnerabilities that the organization may face.


• Ensures compliance through adequate training programs and oversight of periodic internal security audits.


• Serves as active participant in Information Security Steering Committee and serves as IT owner for security-related incident responses

Technical Skills Required:

The successful candidate must possess a strong understanding of the following:

• Technical implications of security threats and vulnerabilities


• Technical analysis and evaluation of network and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection and encryption


• Vulnerability scanning, intrusion detection, anomaly detection, and associated technologies


• Intrusion Detection\Prevention Systems, firewalls, ACLs and encryption technologies


• Tools, techniques, and standards used to conduct penetration testing of networks and applications


• The latest information security threats & vulnerabilities and appropriate countermeasures


• Best Practices related to information\computer forensic investigation processes and techniques


• TCP/IP and other related protocols

Soft Skills Required: 

The successful candidate must possess the following soft skills:

• Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical staff


• Must demonstrate the ability to maintain strict confidentiality of company internal and personnel affairs.


• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment


• Ability to deal with changes and adapt to a changing environment


• Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit


• Highly self-motivated and directed


• Ability to work in a multi-office environment and willingness to travel to other offices as required


• Excellent verbal communication and writing skills


• Presentation Skills – Prepare and deliver formal and informal presentations to illustrate ideas, solutions and issues to upper management


• Intermediate project management experience


• Must have strong documentation\technical writing skills

Education and Experience: 
 

• The candidate must have extensive experience in information security with a technical background in computer science, mathematics, engineering, or a related field.


• This technical background must be balanced with effective management skills, because the Director of Information Security must interact with people at all levels of the organization.


• Experience with disaster recovery planning and testing, auditing, risk analysis, business resumption planning, and contingency planning


• Bachelor's degree in Computer Science, Engineering, Mathematics or related disciplines (or equivalent experience)


• 10+ years practical experience in IT security related positions (IT Security Director, IT Security Manager, Security Auditor, Security Analyst, etc.)


• CISSP, CISM, CISA, CEH, ITIL, and Project Management certifications preferred.