6735 Forest Lawn Drive
Contract To Hire
Job Category: Security
Job Number: 19735
Director of Information Security
We are constantly aiming for higher goals that depend upon growth-minded individuals who share our core values and vision.
If you are looking for a workplace where you can make a positive impact for our members and opportunities for advancement, read on!
Our client has an exciting new role for a Director of Information Security (ISO) to oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, and facilities. This is a key role within the organization that helps bridge the Information Security and Risk Management Departments.
Information security development, education and enforcement of internal key controls to include the following:
- Work with the VP of Risk Management, Chief Information Officer (CIO), and other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
- Develop, maintain, and publish up-to-date security policies, standards and guidelines.
- Oversee the dissemination of security policies and best practices, and implement a Cyber Security Awareness training program for all employees, contractors, and approved system users.
- Implement comprehensive Enterprise Information Security and IT Risk Management programs to ensure the integrity, confidentiality, and availability of information.
- Information protection responsibilities will include network security architecture, network access and monitoring policies, and employee education and awareness through collaboration with the human resources training department.
- Responsible for development, implementation, and testing of the information security incident response plan.
- Identify protection goals, objectives and metrics consistent with the corporate strategic plan.
Information security auditing, tracking and reporting to include the following:
- Measure, monitor, and report to Board committees on various security items such as patch deployment, vulnerabilities, password management, and network scans, and maintain meeting minutes of security discussions.
- Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security, access control systems.
- Direct penetration tests, vulnerability scans and the vulnerability management program. Create remediation plans to address relevant security findings.
- Oversee incident response planning as well as the investigation of security breaches, and assist manager and/or Human Resources with legal matters associated with such breaches as necessary.
- Support the vendor management program and perform risk assessments on technology vendors, service providers and their products.
Managing information security outside resources to include the following:
- Oversee a network of security stakeholders and vendors who safeguard the company's assets, intellectual property and computer systems.
- Work with outside consultants as appropriate for independent security audits. Track progress and maintain responses to third party technology audits.
- Work as a liaison to information security related vendors to establish mutually accepted contracts and service-level agreements.
- Maintain relationships with local, state and federal law enforcement and other related government agencies.
- Education: Bachelor's degree, preferably in Management Information Systems, Computer Engineering, or Computer Science.
- Experience: Must have 7+ years of information security experience, with increasing management/leadership responsibilities, preferably in the financial services industry.
- Must be able to communicate security-related concepts to a broad range of technical and non-technical staff. Requires the ability to communicate effectively in writing, with individuals and groups.
- Strong proficiency in MS Office including Outlook, Excel and Word.
- Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Must have working knowledge of pertinent law and the law enforcement community.
- Must have a solid understanding of information technology and information security. Requires experience operating or assessing IT components such as data centers, networks, server and workstation operating systems, infrastructure components, databases, and application code.