Director of Information Security & Compliance

DBM GLOBAL INC
Phoenix, AZ
Onsite

About The Position

The Director of Information Security & Compliance is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. This position is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. This position is responsible for maintaining IT General Controls for Sarbanes-Oxley (SOX) compliance. The successful candidate will be able to collaborate and influence all areas of the business to reduce risk and increase the effectiveness of our information security program.

Requirements

  • Informing - Provides the information people need to know to do their jobs and to feel good about being a member of the team, unit, and/or the organization; provides individuals information so that they can make accurate decisions; is timely with information.
  • Comfort Around Higher Management - Can deal comfortably with more senior managers; can present to more senior managers without undue tension and nervousness; understands how senior managers think and work; can determine the best way to get things done with them by talking their language and responding to their needs; can craft approaches likely to be seen as appropriate and positive.
  • Integrity and Trust - Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn't misrepresent him/herself for personal gain.
  • Conflict Management - Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focused listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.
  • Problem Solving - Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
  • Perspective - Looks toward the broadest possible view of an issue/challenge; has broad-ranging personal and business interests and pursuits; can easily pose future scenarios; can think globally; can discuss multiple aspects and impacts of issues and project them into the future.
  • Functional/Technical Skills - Has the functional and technical knowledge and skills to do the job at a high level of accomplishment.
  • Planning - Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.
  • Priority Setting - Spends his/her time and the time of others on what's important; quickly zeros in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
  • Standing Alone - Will stand up and be counted; doesn't shirk personal responsibility; can be counted on when times are tough; willing to be the only champion for an idea or position; is comfortable working alone on a tough assignment.
  • 5-10 years of experience in an information security or cybersecurity role
  • BS in Computer Science or related field, or equivalent experience
  • The Director of IT Security and Compliance must have a current CISSP certification. If the candidate does not have this certification, they will need to obtain it.
  • Position will require the frequent use and knowledge of MS Windows 7 and/or MS Windows 10, MS Word, MS Excel, MS PowerPoint, and MS Outlook.

Responsibilities

  • Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders as part of a strategic enterprise risk management program, thus supporting business outcomes.
  • Work with vendors to ensure that information security requirements are included in contracts by liaising with business leaders throughout the organization.
  • Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
  • Work with internal and external audit firms to ensure compliance with Sarbanes-Oxley and other compliance requirements.
  • Ensure IT General Controls are effective and operating successfully.