Sr. Director, Information Security

About The Position

Requirements

• Bachelor's Degree or equivalent work experience plus 15+ years in Information Security equivalent experience focusing on infrastructure, architecture, risk management and security, including 5+ years in an information technology management role, 2+ years in a director level role
• Comprehensive understanding of information security tools, vendors, and solutions
• Expert understanding of a wide variety of information security incidents related to network intrusions, web-based attacks, malicious emails, root and user level compromises, malware, botnet infections and other anomalous activity
• Enterprise level policy and procedure development and ownership
• Experienced management capabilities, proven leadership qualities and solid track record of leading multiple security disciplines and teams
• Clear track record of building and managing enterprise security programs
• Active CISSP and/or CISM Certification required

Nice To Haves

• 5+ years' experience in ecommerce, equipment rental, retail, industrial, or commercial construction industries preferred

Responsibilities

• Oversight of information security operations including all aspects of detect and response
• Operate and maintain incident response program
• Define and establish information security and data protection strategies and directives
• Oversight of the Information Security Governance, Risk and Compliance program including but not limited to: PCI, DFARS, CMMC, CCPA, GDPR, and other emerging regulatory or compliance initiatives
• Define, implement, maintain and enforce information security policies and procedures
• Manage a diverse team of security managers, engineers, administrators, analysts and other cross-functional professionals
• Direct and approve Security Architecture across all Sunbelt systems, in partnership with the Enterprise Architecture Council
• Institute organization-wide information security awareness, protocols and procedures
• Assess, test and select new information security solutions and technologies
• Manage 3rd party risk through customer and supplier contract review and security questionnaire baselining for risk management and compliance
• Oversight of vulnerability management and penetration tests
• Manage information security audits and measurement
• Partner with legal on privacy policy and legal discovery
• Partner with development and support teams in establishing and maintaining a secure SDLC including defining baselines and standards
• Define and administer department and project budgets
• Govern identity management practices across all systems
• Align information security practices to business requirements, goals and initiatives in partnership with enterprise business units for information security delivery and business enablement, e.g., Legal, HR, Technology, Finance, Sales, Performance Standards, and Operations
• Oversee and direct information security needs for emerging and ongoing project's needs, e.g., business acquisitions, Greenfields, special cases as related to security management
• Communicate and deliver information security reporting and metrics to the organizational risk committee, executive leadership and cross functional team
• Act as a counsel and advisor to peers and the senior leadership for information security risk management
• Develop and Manage partner relationships in alignment with SBR strategy: including smart source planning, SOW work engagement, and cost negotiations

Benefits

• Health, Dental and Vision plans
• 401(k) Match
• Volunteer time off
• Short-term and long-term disability
• Accident, Life and Travel insurance, as well as flexible spending
• Tuition Reimbursement Options
• Employee Assistance Program (EAP)
• Length of Service Awards
• Flex Time for Leaders
• Medical/Dental/Vision Insurance
• 401(k) Retirement Plan - US
• RRS Plan - CAN
• Paid Parental Leave
• Paid Holidays and Paid Time Off