The Director, Information Security is responsible for establishing and maintaining a Corporate-wide Information Security Program to help ensure ikaSystems’ information assets are protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets regulatory requirements as well as the risk culture of ikaSystems. The Director, Information Security will proactively work with departments and business units to implement practices that meet corporate standards for information security and business resumption, and monitor and report practices that are exceptions to policy standards as well as mitigating actions to manage overall risk.
- Provide leadership to the company’s information security programs, including developing and managing the Corporate Information Security Program (CISP) and related policies, standards and guidelines.
- Provide leadership to the information risk assessment process, including developing and managing the information risk assessment and reporting processes.
- Work proactively with IT and business unit management with respect to strategic and tactical plans for information security and business resumption management.
- Work proactively with IT and business units regarding major systems and application changes to help ensure that information security standards and issues are addressed early in a project’s life and incorporated into the resulting program.
- Provide leadership to the corporate incident response process, including developing and managing corporate guidelines and coordinating with others that have specific roles and elevating issues to Management.
- Facilitate periodic team meetings with department Corporate Information Security Risk Management (CISRM) leads to promote continued awareness of standards, completion of critical CISRM initiatives (e.g. risk assessments, BRP testing, etc.) and to provide related training.
- Monitor and advise management of industry and regulatory changes affecting information security, working proactively to help the company understand and implement appropriate changes.
- Monitor corporate-wide efforts to comply with corporate information security policies, IT regulatory expectations and corporate information security initiatives.
- Oversee a process to monitor information security controls within the IT Department and the business units for exceptions to established policy standards, security violations, significant system changes and risk mitigation initiatives.
- Oversee a process to monitor vendor management oversight required by regulatory guidance related to third-party risk.
- Provide periodic CISP status reports to the Audit Committee and senior management, as appropriate.
- Promote information security awareness throughout the company via training activities.
- Partner with Human Resources, Legal and Corporate Security on processes and issues that relate to information security and protection of information assets.
- Work with outside consultants and regulators on independent security reviews, as needed.
- Contribute to the department strategic planning process by working with the CTO to develop and implement department strategic plans and action steps that support the corporate strategic objectives and plans.
- Prepare CIS budgets and monitor variances.
- Perform supervisory duties for staff, as necessary. This will include hiring, training, staff development, and preparing performance appraisals and annual compensation review.
- As necessary, coordinate the use of external resources including, but not limited to, interviewing, negotiating contracts and fees, and managing the external resources.
- Lead or participate in corporate level projects and the review of systems development initiatives.
- Maintain an awareness of bank, industry, technical and professional developments and best practices and make appropriate adjustments to the CISP program as needed.
- Assume additional duties as they arise and be responsive to the needs of the entire organization.
- Minimum of 8 to 10 years of experience in a combination of risk management, information security and IT jobs.
- Degree in Business Administration or a technology-related field, or equivalent work- or education-related experience.
- Familiarity with regulatory and compliance requirements including HIPAA, PCI, and GLBA.
- Demonstrated familiarity with administration and use of both Windows and Linux systems.
- Demonstrated familiarity with administration and use of networking devices including Cisco routers and switches, Extreme networks switches, wireless access points, Checkpoint firewalls, various IDS/IPS, and VPN devices.
- Working knowledge of IP-based protocols, including the ability to perform network traffic analysis.
- Membership in regional and national security organizations such as ISSA, ISC2, ISACA, ACFE, HTCIA, ECTF, Infragard, etc., is desired.
- Professional certification as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other industry recognized information security credential is preferred.
- Knowledge of network technology and information security monitoring practices.
- Knowledge of Software Development Life Cycle (SDLC) and Project Management (PM) processes.
- Proficient with personal computers; experience with Microsoft software is preferred.
- Effective oral and written communication skills.
- High level of personal integrity, ability to professionally handle confidential matters, and reflect appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
- Effective project management skills and the ability to work on multiple concurrent projects.
- Experience in managing a team of 1+ employees, as well as developing team members and building a team.
- Effective organization skills, ability to learn quickly, be accurate and timely in completing responsibilities, with strong attention to detail.
- Strong group facilitation skills.
- Ability to work cooperatively with, and maintain effective communication and working relationship with, co-workers and manager.
- Ability to accept and facilitate change, whether indicated by corporate needs, market or regulatory requirements.
- Limited travel may be required.
ikaSystems Corporation - 17 months ago