Overview
Under the leadership of the Executive Director of Technology Services, the Director of IT Security establishes an information security strategy for the Company and directs the implementation and monitoring of information security standards and policies. The Director provides information security guidance to executive leadership within the organization by recommending appropriate information security investments and practices, and is responsible for managing risks relating to information security, physical security, business continuity planning, crisis management, privacy, and compliance.
Primary Responsibilities
- Develops, implements, and monitors a strategic and comprehensive Company information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
- Defines Company security and risk policy and oversees the development of technology architecture to support this policy.
- Coordinates with stakeholders to align Company security and risk strategies with business priorities.
- Responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the Company.
- Monitors regulatory compliance with Company security policies and educates business unit leaders and service managers on compliance efforts.
- Responsible for the development of up-to-date security policies, standards, and guidelines; and oversees training and dissemination of security policies and practices.
- Leads an experienced Company team that provides coordination and oversight of all information risk management processes and strategies for the Company.
- Oversees the operational support provided by the IT Security team, including incident management, reporting, and the day-to-day activities involved in threat and vulnerability management.
- Liaises with the Company architecture team to ensure alignment between the security and Company architectures, thus coordinating the strategic planning implicit in these architectures.
- Oversees development of an information security awareness program with customized communication tools and campaigns for each business unit and integrated services group.
- Coordinates business continuity planning efforts across business units.
- Makes balanced risk investments by understanding the trade-off required to manage different levels of risk tolerance and risk exposure across the organization.
- Keeps abreast of evolving threats, risks, and industry trends, and works to implement best practices in the organization.
- Ensures the provision of services and capabilities for the protection of organization assets.
- Develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end-users to create customer-centric security policies.
- Coordinates audit and regulatory inquiries and external vendor activities to help represent the Company from an information security, recovery, and technology risk perspective.
- Participates in leading industry forums and consortiums to represent business interests.
- Oversees security-related vendor relationships, product selection, and negotiation of high-level contracts to provide services and capabilities for the protection of organization assets.
- Develops and oversees effective disaster recovery policies and standards to align with Company business continuity management program goals. Coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provides direction, support, and in-house consulting in these areas.
- Responsible for personnel management of direct reports including hiring, training, staff development, and performance management.
- Performs other related duties as assigned.
Qualifications
- Security experience in the medical industry
- Experience in highly regulated industries (finance)
- Experience in mergers and acquisitions
- Experience with PCI-DSS compliance
- Cloud security experience
- Bachelor’s Degree in Computer Science, Management Information Systems, Business Administration, or related discipline.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
- Eight years of professional experience managing an information security function, including analyzing and applying information security risk, risk management, and privacy practices.
- Ten years of experience working with national regulatory compliance frameworks such as CCPA, ISO, SOX, HIPAA, and PCI DSS.
- Extensive experience in strategic planning, financial/budget management, and resource allocation.
- Extensive experience in developing and maintaining policies, procedures, standards, and guidelines.
- Experience working with legal, audit, and compliance staff.
- Working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organizational change management, IT financial management, and IT audit.
- Strong proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Strong project management skills.
- Strong leadership and management skills.
- Strong computer proficiency including Microsoft Office, Internet, and email.
- Ability to motivate and manage a team of information security staff supporting the organization’s goals and ability to lead the process of developing an information security vision for the future.
- Ability to cultivate and build collaborative working relationships with a broad range of Company stakeholders.
- A well-developed understanding of and appreciation for business needs and a commitment to leading the information security team in delivering high-quality, prompt, and efficient service to the business.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Ability to effectively influence others.
- Excellent written and verbal communication skills, and interpersonal and collaborative skills.
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
- Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
- Must be a critical thinker with strong problem-solving skills.
- Multitask-oriented with strong attention to detail.
Certificates, Licenses & Registrations
- Must be 21 years of age or older.
- Must apply for, receive, and maintain a Gaming License.
Disclaimer
This Company is an Equal Opportunity Employer but does practice Indian Preference hiring in accordance with Public Law 93-638, the Indian Self-Determination and Education Act. All applicants must be able to demonstrate their U.S. work authorization during the employment verification process. The pre-employment process also requires the ability to pass a criminal background investigation and a drug/alcohol test.
This job description indicates, in general terms, the type and level of work performed as well as the typical responsibilities of team members in this classification. The duties described are not to be interpreted as being all-inclusive to any specific team member. Nothing in this job description changes the at-will employment relationship existing between the Company and team members.
The Essential Job Functions, Physical Requirements, and Work Environment characteristics required are representative of those that must be met to successfully perform the essential functions of this job. Management reserves the right to add, modify, change, or rescind the work assignments of different positions and to make reasonable accommodations so that qualified team members can perform the essential functions of the job. The above statements are intended to describe the general nature and level of work being performed by persons assigned to this job. These statements are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required.