Director Enterprise Security
Posted on Jan 11, 2020 by Request Technology
A prestigious company is on the search for a Director of Enterprise Security. This role will split time between Chicago and Schaumburg. This person will have 4 direct reports and 20+ indirect reports. This person will be managing over all enterprise security operations including IAM engineering, billing systems, mobile applications, web services, platform and database systems, cloud services, etc. A degree is a must for this role and they need someone with a minimum 5 years of management experience.
- Create and execute the organization's Enterprise Security vision, strategy and tactical roadmap aligned with the Enterprise Architecture five year plan; partner with senior leadership in developing strategic security priorities.
- Develop and ensure implementation of Information Security (IS) strategies and architecture aimed at preventing cyber intrusions and attacks, protecting sensitive enterprise information, and responding to security incidents affecting enterprise information assets.
- Drive Enterprise Security initiatives in relation to securing assets, customer services delivery, and regulatory/audit compliance.
- Prepare, review, and manage a multi-million dollar annual operating budget plans and priorities for Enterprise Security, ensuring department budgets meet expected deadlines and corporate objectives for projected growth.
- Provide security guidance on all enterprise-wide security projects and activities as well as direction of all IS owned projects and technologies; consult with internal groups to determine and review security issues and threats to assess the risk to the organization.
- Assess and create Enterprise Security policies, procedures, and standards in order to improve overall effectiveness of internal Security controls.
- Oversee the continuous monitoring and protection of information processing resources and serve as the focal point for enterprise security incident response planning and execution.
- Partner with key internal stakeholders to identify potential risks and provide mitigation solutions while adhering to applicable local, state and federal laws, as well as industry standards; serve as primary point of contact to key leaders and stakeholders throughout the organization on information security matters.
- Ensure the organization's security infrastructure is designed to prevent revenue and data loss, preventing inappropriate and/or unauthorized access of company and/or customer information.
- Own, manage, and maintain the organization's Security Risk Management program including Vulnerability Management and ensure adaptation for changing threats and technological advances.
- Serve as the point of contact in overseeing the Enterprise Security Incident Response process, including coordination with internal departments, creating Root Cause Analysis (RCA) documents, ensuring remediation efforts, and reporting to the Executive Security Working Group, Audit Committee and Board of Directors as needed.
- Develop and maintain an enterprise-wide information security awareness, education and training programs.
- Ensure key performance indicators (KPIs) are met and threats/vulnerabilities are mitigated. This includes Security Incident and Event Management as well as daily threat analysis.
- Steer assessments and scope of critical enterprise class systems and infrastructure as well as PCI relevant infrastructure.
- Represent the company at industry conferences and represent the department at company meetings; serve as a spokesperson for company security policies to all levels of the organization. Lead and/or participate in departmental leadership initiative teams.
- Lead the Information Security team to design, implement, and integrate security solutions to address enterprise risks and exposures; provide leadership and direction to grow a strong, effective team which will positively contribute to the overall security and business goals of the organization.
- Bachelor's degree in Management Information Systems, Computer Science, Engineering, or related field.
- Ten (10) or more years' experience in Information Technology, Information Security, Network Security, or related experience particularly in Security design/architecture, implementation, and operations.
- Five (5) years' experience successfully managing and developing project teams.
- Five (5) years' experience in progressive management position and leadership roles.
- Cross-functional team leadership and risk mediation experience within an enterprise environments.
Obtained or demonstrates an active pursuit of one or more of the following certifications preferred: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH) certifications is preferred.