The Director, IT Security & Privacy will ensure Club Car operates securely by developing practical, robust IT security and privacy processes and systems which protect the company's business, data, customers, suppliers and teammates.
Maintain Club Car's IT Incident Response Plan, including incident escalation framework and key incident-specific playbooks (e.g., ransomware), and serve as lead cybersecurity representative in incident response.
Ensure appropriate tactical incident response protocols and processes to detect, respond, and remediate cybersecurity events.
Oversee investigation capability, to include leveraging internal and external forensics and evidence collection and preservation, under the supervision of the legal counsel, as appropriate.
Conduct tabletop exercises to build response capability at all levels.
Lead after-action reviews and identify and implement lessons learned to drive security improvements.
Develop and implement Club Car's comprehensive cybersecurity strategy and roadmap, reflecting the Club Car's operational drivers and desired business outcomes, risk tolerance, and evolving risks, threats, and vulnerabilities.
Extensive knowledge of information security principles, cybersecurity frameworks (e.g., CIS, NIST, ISO 27001), and risk management practices.
Develop senior leader awareness and buy-in of cybersecurity program and initiatives, including reporting to leadership on cyber initiatives and strategy, program assessments, changes to risk profiles, and specific events.
Assess current MSSP and MSP cybersecurity teams and define program governance, including defining roles and responsibilities.
Establish, with senior leaders, cyber risk thresholds and risk management approach.
Build and implement cyber risk quantification and risk prioritization of initiatives.
Develop protocols to periodically review the appropriateness of the cybersecurity program, inclusive of administrative and technical controls and processes, with such review to include risk assessments, industry standard compliance reviews, and periodic, risk-based penetration testing.
Coordinate with senior leadership to ensure adequate resourcing of cybersecurity program.
Oversee people, processes, and technology at all levels of the cybersecurity program to enable global operations.
Develop and maintain all relevant information security policies and procedures, including for network infrastructure, specific applications, and services.
Develop and maintain designated risk-based cyber safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
Develop secure lifecycle processes and operations, reflecting risk, threat, and vulnerability identification.
Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate.
Manage cybersecurity audits, inclusive of client security audits and RFPs.
Oversee development and implementation of role-based cybersecurity awareness programs and trainings.
Lead company cybersecurity identity governance access and privileged access management solutions.
Collaborate closely with legal counsel to ensure cybersecurity program meets all legal and contractual requirements.
Manage, in close collaboration with IT team, all aspects of security for technology initiatives.
Conduct regular internal and coordinate external security assessment and penetration tests to proactively test the effectiveness of security controls.
Coordinate with compliance on remediation and program management.
Assist in the design and implementation of disaster recovery procedures, integration points with business continuity and managing the rollout of IT-enabled recovery and continuity procedures.
Bachelor's degree in Computer Science, Information Technology, System Administration, or a closely related field.
Preferred Master's degree in Computer Science, Information Technology.
10+ years of prior relevant experience in a Global setting.
Relevant Certifications: CISSP, CCEP, CISM or other related field certifications highly preferred.
Technical expertise of cloud architectures, especially Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure, networks, routers and switches, wireless technologies, active directory, and leading software applications.
Background in modern information security frameworks, technologies and practice.
Experience in accrediting IT systems against multiple standards including NIST and working knowledge of relevant legal requirements including GPDR and CCPA.
Experience supervising managed security service providers (MSSP) and working with infrastructure managed service providers (MSP).
Experience overseeing vendor security audits and developing, implementing and maintaining a vendor risk management program.