Director | Information Security

The Information Security Directoris  responsible for the development and oversight of a comprehensiveinformationsecurity, compliance and privacy program. The scope of this position is global and requires a working knowledge of the various regulations. This role is responsible for the integration of IT systems withsecuritypolicies andinformationprotection strategies. The role is also responsible for developing, maintaining, and publishing privacy andinformationsecuritystandards, procedures, and guidelines for use within the IT organization.

This position will require some day-to-day, hands on management of the various applications used forinformationsecurity company wide. The candidate will make suresecuritypolicies, standards and procedures are established and enforced. The candidate must be prepared to provide presentations to Audit Committee on companysecurityposture exhibiting professionalism and maturity at all times.

Job Responsibilities include (but are not limited to):

• Develops and maintains a risk strategy that formalizes risk into a comprehensive program for management to assess areas of concern.
• Maintains a governance program that ensures all Information
  
  Security controls are adequately maintained and reported.
• Works with business teams to maintaininformationsecuritypolicies, procedures, and standards and assists the various departments and practice groups in adhering to them
• Develops, publishes, and maintains a comprehensive organization-wideinformationprivacy and security strategy, plans, policies, procedures, and guidelines.
• Manages the development, implementation, and maintenance ofsecuritypolicies, standards, and guidelines.
• Directs the development and enforcement ofinformationsecurityand privacy policies in compliance with federal and state regulations and standards.
• Coordinates the development of an ongoinginformationsecurityawareness and knowledge program to ensure that employees are aware of threats and how to help ensure privacy of company information.
• Identifies currentsecurityinfrastructure and defines what kind ofsecuritymust be designed and implemented in order to meet organization requirements.
• Work with legal to ensure data protection practices are consistent with international regulatory requirements.
• Researches and maintains proficiency in tools, techniques, countermeasures, and basic trends in computer and network threats and exploits.
• Maintains appropriatesecuritymeasures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted clientinformationand reasonably protects against anticipated threats and vulnerabilities
• Conducts risk analysis and assessments to ensure there are solutions in place to mitigate those risks.
• Assists in the responses to RFI FPs and security related concerns.
• Provides management with up to dateinformationon the different threats andsecurityvulnerabilities that the organization may face.
• Ensures compliance through adequate training programs and oversight of periodic internalsecurityaudits.
• Serves as active participant in Information Security Steering  Committee and serves as IT owner for security-related incident responses

Technical Skills Required:

The successful candidate must possess a strong understanding of the following:

• Technical implications ofsecuritythreats and vulnerabilities
• Technical analysis and evaluation of network andsecurityvulnerabilities, and managingsecuritysystems such as anti-virus, firewalls, patch management, intrusion detection and encryption
• Vulnerability scanning, intrusion detection, anomaly detection, and associated technologies
• Intrusion Detection revention Systems, firewalls, ACLs and encryption technologies
• Tools, techniques, and standards used to conduct penetration testing of networks and applications
• The latestinformationsecuritythreats & vulnerabilities and appropriate countermeasures
• Best Practices related to information omputer forensic investigation processes and techniques
• TCP/IP and other related protocols

Soft Skills Required:

The successful candidate must possess the following soft skills:

• Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicateinformationsecurity-related concepts to a broad range of technical and non-technical staff
• Must demonstrate the ability to maintain strict confidentiality of company internal and personnel affairs.
• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
• Ability to deal with changes and adapt to a changing environment
• Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit
• Highly self-motivated and directed
• Ability to work in a multi-office environment and willingness to travel to other offices as required
• Excellent verbal communication and writing skills
• Presentation Skills – Prepare and deliver formal and…