Director of Enterprise Information Security
Posted on Mar 18, 2020 by Request Technology - Craig Johnson
Prestigious Enterprise Company is currently seeking a Director of Enterprise Information Security.
Candidate is responsible for ensuring the overall security of Enterprise Information Systems, Assets, and Resources by translating business needs into policies, procedures, and controls that form a cohesive security program that appropriately accounts for the rapidly changing threat landscape.
This position will play a strategic role in providing critical leadership and overarching vision on security architecture and business assurance activities, and will serve as the company's expert in the field of Enterprise Security technology. Further, the Director of Enterprise Security will be accountable for security operations, delivery, and architecture for the enterprise-class systems.
The position will build and develop an Enterprise Security architecture that encompasses the vision and strategy including standards, guidelines, and future needs as related to information security. Candidate will spearhead several concurrent Enterprise Security projects such as the delivery of the enterprise security portfolio, enterprise security plan and budget development and support, and all aspects of security related to infrastructure operations projects. Candidate will provide leadership and direction for all Enterprise Security Operations.
- Create and execute the organization's Enterprise Security vision, strategy and tactical road-map aligned with the Enterprise Architecture five year plan; partner with senior leadership in developing strategic security priorities.
- Develop and ensure implementation of Information Security (IS) strategies and architecture aimed at preventing cyber intrusions and attacks, protecting sensitive enterprise information, and responding to security incidents affecting enterprise information assets.
- Drive Enterprise Security initiatives in relation to securing assets, customer services delivery, and regulatory/audit compliance.
- Prepare, review, and manage multi-million dollar annual operating budget plans and priorities for Enterprise Security, ensuring department budgets meet expected deadlines and corporate objectives for projected growth.
- Ensure the implementation of new technologies, policies, and procedures for optimal business operations.
- Provide security guidance on all enterprise-wide security projects and activities as well as direction of all IS owned projects and technologies; consult with internal groups to determine and review security issues and threats to assess the risk to the organization.
- Assess and create Enterprise Security policies, procedures, and standards in order to improve overall effectiveness of internal Security controls.
- Oversee the continuous monitoring and protection of information processing resources and serve as the focal point for enterprise security incident response planning and execution.
- Partner with key internal stakeholders to identify potential risks and provide mitigation solutions while adhering to applicable local, state and federal laws, as well as industry standards; serve as primary point of contact to key leaders and stakeholders throughout the organization on information security matters.
- Ensure the organization's security infrastructure is designed to prevent revenue and data loss, preventing inappropriate and/or unauthorized access of company and/or customer information.
- Own, manage, and maintain the organization's Security Risk Management program including Vulnerability Management and ensure adaptation for changing threats and technological advances.
- Serve as the point of contact in overseeing the Enterprise Security Incident Response process, including coordination with internal departments, creating Root Cause Analysis (RCA) documents, ensuring remediation efforts, and reporting to the Executive Security Working Group, Audit Committee and Board of Directors as needed.
- Develop and maintain enterprise-wide information security awareness, education and training programs.
- Ensure key performance indicators (KPIs) are met and threats/vulnerabilities are mitigated. This includes Security Incident and Event Management as well as daily threat analysis.
- Steer assessments and scope of critical enterprise class systems and infrastructure as well as PCI relevant infrastructure.
- Represent the company at industry conferences and represent the department at company meetings; serve as a spokesperson for company security policies to all levels of the organization. Lead and/or participate in departmental leadership initiative teams.
- Lead the Information Security team to design, implement, and integrate security solutions to address enterprise risks and exposures; provide leadership and direction to grow a strong, effective team which will positively contribute to the overall security and business goals of the organization.
- Bachelor's degree in Management Information Systems, Computer Science, Engineering, or related field.
- Ten (10) or more years' experience in Information Technology, Information Security, Network Security, or related experience particularly in Security design/architecture, implementation, and operations.
- Five (5) years' experience successfully managing and developing project teams.
- Five (5) years' experience in progressive management position and leadership roles.
- Cross-functional team leadership and risk mediation experience within enterprise environments.
- Demonstrated track record with re-engineering/process improvement.
- Demonstrate expertise in security market awareness as well as insights into cutting-edge technologies.
- Demonstrated experience and expertise in one or more of the following areas: Security/IT architecture, penetration testing, application security assessments and/or regulatory compliance assessments.
- Ability to assess Information Security and/or Compliance Risks, understand business needs, and apply defined information security policies and architectures in order to develop effective deliverables.
- Ability to develop and maintain highly effective relationships, internally and externally.
- Positive "can do" attitude with focus on the success of the team over individual accomplishments.
- Excellent interpersonal, planning, organizational, prioritization, presentation, analytical, problem solving, oral and written communication skills.
- Comfortable with change management specific to initiating, shaping and managing change.
- Ability to perform competently in high-pressure, high-stress situations.
- Ability to be on call or assure critical incident response 24x7x365.
- Preferred: has obtained, or demonstrates active pursuit of, one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH).