The IT Security and Compliance Director will be responsible for the development and implementation of the organization's cybersecurity strategy. The Director must be able to translate the risk requirements and constraints of the business into technical control requirements and specifications, and develop metrics for ongoing performance measurement and reporting. This position also coordinates the IT organization's technical activities to implement and manage security infrastructure, and provides regular status and service-level reports to management. The individual is expected to interface with peers in IT and with leaders across the business, both to share the company's security vision and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation. This position is also responsible for working with business and IT stakeholders to balance real-world risks against business drivers such as speed, agility, flexibility and performance.
Working with IT leadership, develop and manage IT Security's annual budget.
Responsible for the creation and maintenance of enterprise security documents, including but not limited to policies, standards, baselines, guidelines and procedures.
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Perform and/or oversee internal audits.
Design, coordinate and oversee security testing procedures, including vulnerability testing, penetration tests and security audits, to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Coordinate, develop and/or deliver regular security awareness training to ensure consistently high levels of compliance with enterprise security documents. Support the creation and distribution of monthly security awareness newsletters.
Vendor relationship management: ensure that service levels and vendor obligations are met.
Develop, implement and manage the security incident reporting policy and process.
Participate in the design, maintenance and testing of the enterprise Business Continuity Plan and Disaster Recovery Plan.
Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised industry standards, regulatory requirements, risk assessment techniques, security solutions and trends, improved security processes and the development of new attacks and threat vectors.
Must have one or more of the following certifications:
Certified Information Security Manager, CISM
Microsoft Certified Systems Engineer: Security, MCSE Security
Certified Information Systems Security Professional, CISSP
Certified Common Security Framework Practitioner, CCSFP
Knowledge, Skills, & Abilities
Must have international security / data compliance experience
Knowledge of PCI and SOX compliance preferred
Excellent client-relations, verbal, written and interpersonal skills
Ability to identify priorities and manage tasks