HonorHer Jobs


Job Information

Hyundai Autoever America 10601 - Head of Department, Security (InfoSec & CyberSecurity) in Fountain Valley, California

Head of Department, Security

Purpose:

Oversee the development, implementation, and monitoring of a strategic, comprehensive enterprise information security / cybersecurity program. Ensure information and data assets as well as technologies are adequately protected from both internal and external threats. Plan and implement security hardware and software, making sure IT and network infrastructure is designed around best security practices. Stay abreast of possible security threats, oversee real-time analysis of immediate threats, and actively work to prevent them from occurring. Implement threat modeling and formulate application security procedures and resolution plans. Work across business units to identify and address security observations and findings. Responsible for integrating security plans and policies with the organization's business process, training others on security procedures, purchasing security products, and ensuring that security practices are being followed. Evaluate system vulnerability and recommend security improvements.

Job Responsibilities:

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.

  • Work directly with the business units to facilitate risk assessment and risk management processes.

  • Develop and enhance an information security management framework.

  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.

  • Provide leadership to the enterprise's information security organization.

  • Partner with business stakeholders across the company to raise awareness of risk management concerns.

  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

  • Document the information security policies and procedures instituted by the organization's Information Security Committee and coordinate the activities with the committees.

  • Gather and organize technical information about the organization's mission goals and needs, existing security products, and ongoing programs in the information security arena.

  • Initiate, facilitate, and promote activities to foster information security awareness and training within the organization.

  • Understand how to evaluate systems, assess risk, and assist with designing, developing, engineering, and implementing solutions for information security requirements.

  • Perform information security assessments and serve as an internal auditor/consultant for security issues.

  • Be involved in and provide support with the 3rd party audit process.

  • Prepare and manage the security budget.

  • Prepare and manage the various forms of security reports/status.

  • Perform other duties as assigned by management.

Requirements:

  • Bachelor's Degree or equivalent (with major course work in information security or a related field).

  • Minimum of 10+ years of experience in a combination of risk management, information security and IT management jobs

  • Establishment of IS strategy & policy for a multi-faceted organization supported by multi-platform environments.

  • Security assessment and incident-response within a dynamic IT environment

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.

  • Excellent written and verbal communication skills and high level of personal integrity

  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

  • Experience with contract and vendor negotiations and management including managed services.

  • Specific experience in Agile (scaled) software development or other best in class development practices.

  • Auditing or evaluations of complex IT controls

  • Possession of, or ability to obtain, one of the following information security certifications or equivalent is desirable:

  • CISM (Certified Information Security Manager)

  • CISSP (Certified Information Systems Security Professional)

  • CISA (Certified Information Systems Auditor)

Base Salary

$185,000.00 - $215,000.00
