Groups360, posted 25 days ago
Full-time
Brentwood, TN
Publishing Industries

About the position

The Director, Information Security is a key member of Groups360's security team. The protection of data and systems from unauthorized access, intrusion, or tampering is a mission-critical function at Groups360, and the Director, IT Security Governance & Compliance is responsible for driving a strong compliance strategy across a diverse and global network. The Director will work in tandem with internal departments to ensure all technology conforms to the company's desired compliance and security posture, while developing a roadmap to elevate the company's security posture. A successful candidate for this position must have a strong base of knowledge and a proven track record of execution across both the technical and non-technical aspects of information security.

Responsibilities

  • Develop, design, and implement the GRC strategy, working with business stakeholders to create a risk-based security plan.
  • Develop a long-range plan for the department and serve as a key participant in strategic planning for the Information Security function.
  • Translate strategic goals and priorities into technical strategies and objectives.
  • Verify compliance with existing policies and procedures, ensuring a consistent approach and thorough suite of controls.
  • Monitor new and existing business systems for compliance, generate compliance requirements and recommend improvements as needed.
  • Partner with internal and external stakeholders to make operational and project-related decisions and to resolve critical issues.
  • Evaluate compliance with cloud-based security systems.
  • Provide rigorous oversight of security systems and security configuration administration that reduces risk to enterprise systems and accounts.
  • Outline key metrics, program progress, and future strategy to the Chief Information Security Officer.
  • Partner with Chief Information Security Officer on compliance activities and leading compliance audits, to ensure continuous compliance with applicable regulations.
  • Promote and implement a security compliance culture and awareness across the company.
  • Build relationships with internal stakeholders, focusing on process alignment and seamless operations with security compliance.
  • Act as a central point of contact and representative of security compliance for business functions.
  • Provide the Chief Information Security Officer with security compliance KPIs and prioritization for improvement activities.
  • Detect security compliance risks and recommend changes to business processes.
  • Partner with the Chief Information Security Officer to assist in the development and management of the Cyber Compliance & Awareness Program.
  • Collaborate with the Chief Information Security Officer to identify gaps in key processes such as access management and incident management.
  • Oversee the maintenance and update of the Governance and Risk program documents.

Requirements

  • Bachelor's degree in computer science, information technology, or related field preferred.
  • 7+ years' Information Security experience with an emphasis on IT risk management and/or compliance.
  • 1-3 years of managerial experience preferred.
  • Proficient in information security standards and industry regulations, including SOC, ISO 27000 series, GDPR, PCI DSS, etc.
  • Security certifications such as CISSP, CISA, CISM, and CRISC; must be obtained within one year of employment.
  • Extensive knowledge in the assessment of security controls and security risk as well as management of remediation activities and programs.
  • Extensive experience in managing and working with internal and external stakeholders, including auditors, IT executives and more.
  • Demonstrated project management skills and ability to track and report progress against established milestones, metrics, and deliverables.
  • Experience with compliance in cloud environments (AWS, Azure, etc.) is a plus.
  • Experience with vendor risk assessment methodologies.
  • Experience working directly with external customers, auditors, and regulators.

Nice-to-haves

  • Excellent verbal, written and group communication and presentation skills; ability to utilize communication skills to effectively influence across functions and business units as well as across different leadership levels.
  • Excellent organizational & analytical skills and ability to multi-task in a fast-paced environment.
  • Results-driven and execution-oriented personality, ready to take ownership and get results.
  • Strong empathy for customers and a passion for revenue and growth.
  • Proficiency in Microsoft Office 365 Suite: Word, Excel, PowerPoint, Project, SharePoint.