Lucas Group is seeking a Director, Information Security & Cyber Risk Management for a privately held company in the Chicagoland area. This role will direct and lead the Information Security and Cyber Risk Management program globally, developing appropriate security controls for business partners and service providers.
- Ensure IT strategies, practices and principles have a strong emphasis on security, and that new products and solutions meet business requirements while maintaining a strong security posture.
- Ensure security compliance through audits, risk assessments and issue management in order to maintain a compliant, audit-ready posture.
- Proactively work across the enterprise including sister companies as needed to ensure threat indicators are rated by severity and responded to in a manner consistent with the threat.
- Direct the day-to-day work of 2-3 direct reports.
- Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
- Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
- Responsible for definition of the security architecture for cloud technologies. Provides security thought leadership across cloud domains and assures seamless integration into the enterprise security and risk framework. Assist in the definition of the strategy for overall cloud security functions.
- Lead Identity and Access Management (IAM) projects, including those involving Authoritative Source, Identity Management, Provisioning, Authentication, Authorization, Monitoring and Certifications, and Auditing and Reporting.
- Builds solution architectures that meet Enterprise requirements and align with architecture principles and future architecture vision.
- Develops and maintains the Information Security and Cyber Risk Management architecture. Enhances guiding principles and technical standards that guide technology decisions.
- BS/BA Computer Science or equivalent related field of study required.
- An industry-leading security certification, such as Certified Information Systems Security Professional (CISSP) or equivalent, is required.
- Minimum of 15 years of diverse and progressive IT experience.
- Minimum 10 years Information Security and Cyber Risk Management leadership experience.
- Minimum 7 years people management experience.
- Experience in Cloud and Privacy.
- Passion for technology and technical depth to uncover root causes of complex technical problems and provide guidance on solving them.
- Ability to build relationships and lead through influence, both with internal and external stakeholders.
- Ability to inspire and motivate a Security Engineering team to work together as a cohesive and highly productive unit.
- Ability to provide detailed technical guidance to the team, enabling them to execute more effectively and deliver products on time and within budget.
- Excellent communication skills with the ability to act as a thought leader in strategy discussions.
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HIPAA Privacy & Security, GDPR and other CMS regulations and guidelines.
- Knowledge of common information security management frameworks.