Our client is seeking a highly skilled, innovative, and transformational leader to join their team as a Director of Information Security. The success of the mission and objectives will depend on a leader who understands and can drive the collaborative efforts needed to implement a robust and secure environment.
The Director of Information Security is responsible for the development, implementation, and management of the Information Security program at an enterprise level. The Director of Information Security serves as a departmental manager for cyber security related operations (including incident response) and will own technology controls/measures, and policies, procedures, and processes. This role will oversee security remediation efforts and ensure the protection of their external-facing applications, personal information, healthcare information, and children's privacy. The Director of Information Security will plan, design, and direct all risk assessment activities and audits, as well as own compliance controls and monitoring as they pertain to their data protection and governance program.
Reporting to the Chief Information Officer, this is an exempt, full-time position located at their NYC headquarters. They offer a competitive salary and benefits.
Responsibilities
Define and implement the organization's information security program
Conduct risk assessments and develop mitigation plans
Manage security incidents and ensure timely remediation
Oversee the organization's security operations
Develop and maintain security policies and procedures
Provide security awareness training to employees
Work with other departments to ensure the security of the organization's systems and data
Work closely with engineering, product, and science/research collaborators
Lead internal and external stakeholders and partners through evaluation and execution
Qualifications
Bachelor's degree in information security, computer science, or a related field
Advanced degree preferred
5+ years of experience in a combination of risk management, information security, and IT jobs. At least five must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
Knowledge of common information security management frameworks, such as NIST 800-53, NIST Cybersecurity Framework, or ISO 27001
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Excellent knowledge of technology environments, including telecommunications, networks, programming, media, and desktops
Strong understanding of security risks and threats
Experience implementing security and protecting internet-facing applications in multiple major public clouds (Amazon Web Services, Microsoft Azure, or Google Cloud)
Experience in protecting personal information, healthcare information, and children's privacy
Working knowledge of HIPAA, GDPR, and CPPA
Experience in data protection in data- and compute-intensive environments
Excellent communication and interpersonal skills
Ability to work independently and as part of a team
Experience in Microsoft 365 and Google Workspace environments, hybrid Windows and macOS endpoint environments, Cisco networking equipment, Windows and Linux server environments, cloud architecture (AWS, Azure, GCP), GitHub, and server virtualization (VMware).
Strong interpersonal, communication, and customer service skills
Excellent judgment and creative problem-solving skills, including conflict resolution.
Experience with managing subject matter experts and cross-functional IT professionals including recruitment, supervision, scheduling, development, evaluation and disciplinary actions
Professional demeanor and attitude
Self-starter, attentive to detail and team player able to establish and maintain effective working relationships
Special Considerations
Please upload RESUME during the application process.
The anticipated salary range for this position is $(phone number removed) - $(phone number removed) annually.
The salary range for the position is posted. Factors such as candidate's work experience, education/training, job-related skills, internal peer equity, as well as market and business considerations affect the salary offered within this range. In addition, this salary may be subject to a geographic adjustment (according to a specific city and state and depending on the role), if an authorization is granted to work outside of the location listed in this posting.
Our client is an equal opportunity employer and does not discriminate in employment based on race, religion (including religious dress and grooming practices), color, sex/gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sex stereotype, gender identity/gender expression/transgender (including whether or not you are transitioning or have transitioned) and sexual orientation; national origin (including language use restrictions and possession of a driver's license issued to persons unable to prove their presence in the United States is authorized under federal law [Vehicle Code section (phone number removed)]); ancestry, physical or mental disability, medical condition, genetic information/characteristics, marital status/registered domestic partner status, age (40 and over), sexual orientation, military or veteran status, or any other basis protected by federal, state or local law or ordinance or regulation.