The Director of Information Security is responsible for developing and ensuring adherence to the organization’s information security strategy, programs, and best practices. This role also provides governance, oversight and accountability to security activities including but not limited to security awareness and training, data loss prevention, identity and access management, security incident response management, security monitoring, threat & intelligence, and vulnerability management.
Areas of Responsibility:
- Establishes and administers the overall strategies and procedures for the information security function
- Staffs and develops the Information Security organization
- Directs and approves the design of security systems
- Serves as the resident security expert and key resource to drive security initiatives and manage enterprise initiatives.
- Ensures compliance with changing laws and applicable regulations (e.g., GDPR)
- Ensures cyber security policies and procedures are developed and communicated to all personnel and that compliance is enforced
- Constantly updates the cyber security strategy to leverage new technology and threat information
- Develops an active security awareness and education strategy and ensures compliance
- Identifies PII, SOX and HIPAA risks and develops mitigation plans
- Among various groups inside and outside of IT, including Corporate Compliance, Internal Audit, Finance, Legal, HR and Key Suppliers teams as required
- Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
- Reviews investigations after breaches or incidents, including impact analysis, and provides recommendations for avoiding similar vulnerabilities
- Develops and implements a disaster recovery program and ties it with the overall WWP business continuity strategy
- Collaborates with departments (Legal, Human Resources, Audit, Operations, etc.) to drive alignment and operational success.
- Other duties as assigned
Educational Background:
Bachelor’s degree in Information Security, Information Technology, or a related field, required
Skills/Experience:
- Strong interpersonal and communication skills with demonstrated ability to establish strong cross-organizational partnerships
- Demonstrable experience running security education programs across development and infrastructure teams and across business employees as a whole
- Deep expertise in firewall, system, operating system configuration management, patching, anti-malware, and network architectures as well as in at least one Operations technical skill set (Network Engineering, Unix System Administration, Security Engineering, Database Management, etc.)
- Experience with authentication technologies (HMAC, SAML, OAuth)
- Experience with advanced anti-malware, web application firewalls, web filters, spam filters, firewalls, IDS/IPS, and vulnerability scanning tools
- Strong knowledge of information security threats, vulnerability management, and countermeasures and associated operational best practices
- Proven record of hiring, developing and leading security team members
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet business objectives and excellence in a dynamic high-tech environment
- Experience in developing, executing and testing disaster recovery and business continuity plans
- Mission-driven, guided by core values, and a pleasure to work with
Education & Experience Requirements
- A minimum of eight (8) years of staff management experience required (consistent w/ IT Ops & Apps director position)
- A minimum of five (5) years of experience in information security including information risk assessment, risk analysis, risk treatment, privacy, data protection, regulatory frameworks, control frameworks, as well as risk and security architecture and demonstrated experience in leading cyber incident response, required
- Practical knowledge in the areas of physical and logical security of applications, operating systems, databases, networks, and external cloud solutions required.
Certifications & Licensure
- CISSP or CISM certification a plus
Organization Info
Listing Stats
Post Date: Jul 13 2018
Active Until: Aug 13 2018
Hiring Organization: Wounded Warrior Project, Inc.
Industry: Nonprofit