Director - Information Security

About The Position

Requirements

• Bachelors degree (4-years) in Computer Science, MIS or Technology Forensics; or equivalent work experience.
• Certifications Required: CISSP, CISA, CISM or CRISC; or equivalent security certification.
• 7-10+ years of experience in roles of increasing responsibility in the technical fields of information security and/or compliance applications.
• 5+ years of demonstrated success and expertise in implementation of information security methodology, concepts, and analysis/monitoring.
• 3-5+ years of leadership experience, including demonstrated success in leading technical teams and delivering technical solutions.
• Broad technical background including enterprise networking, fire wall, storage, server infrastructure, database technologies, and operating systems and security.
• Experience with regulatory compliance issues such as FFIEC, OFCC, SEC and Federal Reserve, as well as SOX, GLBA and PCI.

Nice To Haves

• 5+ years of experience managing design and governance of corporate policies while ensuring compliance with legal and regulatory statutes.
• 2-3+ years of direct people leadership experience, including performance management.
• 2-3+ years of experience in successfully managing budgets (departmental and/or project).
• Strong presentation skills with proven ability to successfully interface with and influence at all levels (executives and technical staff).
• Excellent written and verbal communication skills with an emphasis on confidentiality, tact and diplomacy.
• Effectively delivers technical information to non-technical audiences and vice versa.

Responsibilities

• Provide strategic direction and day-to-day leadership to an information security team.
• Develop and maintain an effective organization with appropriate skills, structure, and direction to meet current and future business needs.
• Develop a team of high performing people through effective hiring, coaching and rigorous performance/talent management processes.
• Foster an innovative, collaborative, success-oriented team environment where resources are empowered and accountable.
• Work with the business and across technology to ensure a solid understanding of information security requirements, identify current and/or potential security risks and develop, implement and drive security strategies, solutions, methodologies and/or policies to strengthen the effectiveness of the Information Security Management organization.
• Collaborate with leadership and technology to prioritize information security initiatives based on business need and cost/benefit/risk analysis.
• Initiate regular, application security health checks and ensure strategy addresses identified issues/needs.
• Collaborate with stakeholders to determine current and future level of enterprise investment required to sustain compliant and robust security standards.
• Provide cost, feasibility and risk analysis to support and gain initiative approval.
• Ensure solution design and delivery meet requirements and expectations regarding cost, schedule and scope.
• Effectively oversee multiple projects/initiatives simultaneously.
• Oversee the design, implementation and management of monitoring tools and processes to identify security concerns, risks and incidents.
• Oversee security incidents to ensure prompt and effective remediation.
• Track and communicate status to senior leadership as appropriate.
• Ensure action plans are in place to address recurring or ongoing information security incidents.
• Ensure escalation and effective hand-off of issues to other technology groups as required.
• Develop, maintain and champion ISM requirements, policies, procedures and methodologies across the business and technology.
• Regularly review and lead change to drive continuous improvement.
• Execute and/or oversee the design and implementation of mechanisms for education and governance to ensure organizational compliance with policies and procedures.
• Act as a subject matter expert for security issues.
• Manage response to customer and regulatory requests with regard to information security services, mechanisms and safeguards, including regular communications with regulatory, privacy and legal stakeholders.
• Lead internal and external risk assessment activities, risk analysis and application or system-level vulnerability testing and reviews.
• Ensure compliance with security regulations such as PCI, GLBA, FFIEC, etc..
• Ensure vendor compliance with Ameriprise security requirements.
• Maintain up-to-date business domain knowledge and expert technical skills in information security technology and methodology.
• Provide expertise in the selection and implementation of information security tools and best practices, as well as recommendations on priority of initiatives and asset investments.
• Establish and maintain effective working relationships across business, operations and technology teams to credibly and collaboratively drive information security strategy and initiatives.