The Director, Information Security is responsible for establishing and maintaining a corporate-wide information security program to ensure that information assets are adequately protected.

Primary Responsibilities and/or Essential Functions
- Work with IT Management to create overarching strategies for Information Security Operations.
- Provide guidance to Information Security Operations staff regarding all aspects of the day-to-day operations of the team.
- Facilitate technology-driven initiatives to enhance the security monitoring capabilities of the Firm.
- Oversee all Information Security projects.
- Act as a technology leader and project manager.
- Create and contribute to project schedules; approve tech steps in project schedules.
- Provide input regarding budgeting and staffing for development and implementation of initiatives and programs; manage expenditures of same.
- Develop and manage departmental budget.
- Advise IT management as well as other relevant areas of the firm on emerging security-related technologies, their potential use and benefits. Includes competitive research to determine how peer firms may be using these technologies.
- Locate, negotiate and retain specialized consultants with skills and knowledge related to Information Security.
- Work with the Cyber Security Task Force to address strategic and operational concerns. Liaise with Head of Risk and Compliance on breaches and ongoing threats.
- Perform legal and compliance discoveries and investigations.
- Implement best practice in vendor selection and cyber security questionnaires; perform risk assessments for new and existing vendors.
- Responsible for all tasks as they relate to IT Security and compliance audits executed by internal or external resources.
- Liaise with the IT Applications team to ensure cyber security is considered and identify risk/issues and mitigations at the application level.
- Deliver metrics and reporting on all IT Security captured measurements, designed stopgaps and monitoring agents.
- Responsible for testing and execution of effective incident response procedures.
- Manage security incidents and events to protect the company’s information assets, including intellectual property, and the company’s reputation.

Knowledge Skills and Ability
- Knowledge of Information Security concepts, best practices and regulations.
- Experience with implementation and support of Information Security related applications and tools.
- Project Management experience.
- Experience managing the integration of Information Security tools with other real-time systems and services.
- Understanding of web security best practices, data protection, audit trails, as well as privacy issues.
- Self-motivated person with excellent time management skills and project management experience.
- Ability to communicate with staff of varying technical expertise and experience.
- Requires a minimum of 5 years' experience leading or supervising a team in an IT-related field.
- Ability to manage and act as the champion for system change and migrations.
- Drive and enthusiasm to work and complete assignments under tight scheduling deadlines in a team-oriented environment.
- 4-year bachelor’s degree or equivalent work experience.
- 15+ years IS experience or equivalent in Architecture, Networking, Application Development, Information Security or Database Management.