The Director of Information Security will be responsible for building an IT security framework, including policies, procedures, tools and metrics. This will be a “hands-on” security leader who will plan, coordinate, direct, and design IT security efforts with internal and external resources to build and maintain a proactive security posture. The Director of Information Security must be capable of working in a fast-paced environment with time-sensitive materials, and must maintain strict confidentiality due to the nature of the position.
Essential Job Duties:
• Provide vision and thought leadership related to cyber security and overall IT security strategy aligned with the organization’s strategic initiatives.
• Lead scoping, development and implementation of key IT security projects.
• Define and implement IT and security policies, procedures, and best practices.
• Work with decision makers in other departments to identify, recommend, develop, implement, and support cost-effective technology solutions.
• Ensure organization is protected from security exposure with ongoing assessments and audits of internal and external systems.
• Operate as internal subject matter expert on information security, risk monitoring, and security compliance.
• Assess and work with peers to resolve security exposure within IT applications and infrastructure.
• Establish annual and long-range security and compliance goals.
• Manage vendor relationships, contracts and evaluate business solutions to ensure quality service is delivered.
• Establish and maintain the company’s IT Security Policies.
• Monitor the IT security landscape (NIST, US-CERT, Homeland Security, InfraGard, etc.) and manage the company’s response to any applicable issues.
• Lead IT in responding to and containing information security related incidents.
• Develop and enhance an up-to-date information security management framework.
• Work with the Risk and Governance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with laws and Client Guidelines.
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Bachelor’s degree in computer science, information systems, computer engineering, electrical engineering, system analysis or related field of study, or equivalent experience required.
• Professional security management certification such as CISSP, CCISO, CISM, and/or CISA required.
• 10+ years of experience in a combination of risk management, information security, and IT, all with 5+ years in a leadership role.
• Previous project management experience preferred.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing security programs.
• Exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation.
• Excellent written, verbal, communication, and presentation skills.
• Excellent planning and organizational skills.