Director of IS Risk and Compliance
Posted on Oct 2, 2019 by Request Technology - Craig Johnson
* Permanent Full time role.*
Prestigious Global Company is currently seeking a Director of Information Security. The candidate will be responsible for the development, deployment, and governance of an Information Technology Risk Management program, inclusive of a roadmap and programs including: Risk and Compliance Assessment, Data Protection, Business Continuity/Disaster Recovery, and Security Awareness. The Director will research and apply industry standard practices while formalizing programs that support the strategic, tactical and operational objectives of IT and the business. The Director will be a technically competent self-starter with strong communication and project management skills and will act as a key member of the IT organization.
Risk Assessment Program - Initiate a corporate-wide Risk Assessment Program across all IT assets, including selection of a software tool to facilitate the initial gathering and ongoing updates.
Cyber Security Program - Develop an enterprise-level framework including defining, implementing and enforcing a program of policies, standards and practices for the protection of business information and resources. Administer a formal security incident response program and architecture that supports IT security policy.
Awareness Program - Promote and ensure DR and Security Awareness. Develop and oversee the execution of programs to educate all employees and contractors on their security responsibilities.
Governance - Establish and facilitate an Information Cyber Security Steering Committee and work with Internal Auditors to serve as collective oversight in the development and maintenance of all Risk Management Programs.
Executive Interfaces - Communicate with executive management regarding the protection of IT assets and the status of Information Security through operational metrics, presentations, and recommendations.
Application of industry best practices, NIST, GDPR, Sarbanes-Oxley (SOX), ISO, and PCI Data Security Standards, including their specific technical requirements (data encryption, user access control, activity monitoring and event logging systems) and administrative requirements (implementation of formal security policies and vulnerability assessment programs).
Work strategically and collaboratively with the business and the IT organization.
Partner with external security experts to identify trends and requirements and to determine solutions.
Exceptional interpersonal and communication skills to provide direction and guidance to executive management, the audit committee, internal departments, and external partners.
Able to identify, develop and ensure maintenance of security reporting metrics to support key decision makers.
Must have unquestionable integrity.
Broad expertise in information technology with at least 15 years of overall experience, including security and disaster recovery.
Experience with the compliance frameworks of SOX, ISO, and PCI.
CISSP, CISM, CISA or other industry certifications and a BA/BS degree are highly preferred.
Excellent verbal and written communication and presentation skills at all organizational levels.