Director IT Security
The Director of IT Security will be responsible for developing, implementing, and monitoring a robust, efficient, and effective enterprise cyber security, business continuity, and IT risk management program. This position will oversee and direct security programs and efforts across the company that govern the creation, administration and oversight of enterprise-wide information security activities. In addition, the Director of IT Security will identify and remediate security gaps, manage the Vulnerability and Vendor Risk programs and ensure compliance with all IT General Controls, SOX, and other requirements.
- Provides leadership, direction, and guidance in assessing and evaluating information security risks and trends, monitors evolving threats, risks and vulnerabilities and ensures compliance with security standards and appropriate policies. Performs ongoing and annual risk assessments.
- Sets and reviews KPIs in all key functional areas relevant to the organization’s security practices and roadmap.
- Conducts regular reviews and internal audits. Collaborates closely with colleagues to surface information security risks and develop mitigation strategies, solutions, and policies.
- Develops, maintains, and publishes up-to-date security policies, standards and guidelines, and oversees training and dissemination of security policies and practices.
- Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.
- Collaborates with IT Operations, Software Development, and other technical and business functional leaders to implement changes and best practices to continuously improve the security posture of the enterprise.
- Performs random internal audits of IT functions to ensure compliance with policy, procedures, and best practices.
- Coordinates and tracks all IT and security related audits including scope of audits, units involved, timelines, auditing partners and outcomes. Works with internal and external auditors as appropriate to keep audit focus in scope. Provides guidance, evaluation and advocacy on audit responses and addresses audit findings as agreed upon.
- Evaluates potential security breaches, coordinates response and implements corrective actions.
- Serves as a member of the IT leadership team that initiates, facilitates, and promotes activities to foster information security awareness within the organization. Creates and maintains education and awareness programs and advises operating units at all levels on security issues, best practices, and vulnerabilities.
- Designs and manages disaster recovery and business continuity strategies and solutions.
- Other duties as assigned or as the situation dictates.
QUALIFICATIONS AND EXPERIENCE:
- 5-10 years of experience in a security role in a publicly held company with a diverse tech stack, spanning both cloud and on-prem environments
- One or more cyber security certifications required, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other relevant certifications
- Deep experience utilizing Windows, Linux, SIEM, firewalls, IPS, DLP, Cisco, Palo Alto, and antivirus/anti-malware tools in an enterprise environment
- Extensive experience in developing and managing strategic information security programs
- Comprehensive understanding and experience in various IT and security frameworks
- Experience with Compliance Management: Ability to plan, assess, monitor, deploy and report the state of compliance and any required mitigation and remediation activities (e.g., PCI, SOX, Data Privacy, SOC1/2, NIST)
- Experience with Monitoring Platforms: Ability to manage regular monitoring of platform and system activities, isolating problems and determining their cause. Gathers data to forecast future technology needs and trends
- Ability to read, write, and comprehend English