The DIRECTOR OF IT SECURITY establishes information security strategy for the organization and directs the implementation and monitoring of information security standards and policies. They provide information security guidance to executive leadership within the organization by recommending appropriate information security investments and practices. They are also responsible for managing risks relating to information security, physical security, business continuity planning, crisis management, privacy, and compliance.
Responsibilities
- Defines enterprise security and risk policy and oversees the development of technology architecture to support this policy
- Coordinates with stakeholders to align enterprise security and risk strategies with business priorities
- Monitors regulatory compliance with enterprise security policies and educates business unit leaders and service managers on compliance efforts
- Leads an experienced team of internal and external resources that provides global coordination and oversight of divisional and business unit Information Risk Management processes and strategies
- Oversees development of an information security awareness program
- Makes balanced risk investments by understanding the trade-off required to manage different levels of risk tolerance and risk exposure across the organization
- Keeps abreast of evolving threats and risks and of industry trends, and works to implement best practices in the organization
- Ensures the provision of services and capabilities for the protection of organization assets globally
- Develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users to create customer-centric security policies
- Coordinates audit and regulatory inquiries and external vendor activities to help represent the company from an information security, recovery and technology risk perspective
- Participates in leading industry forums and consortiums to represent business interests
- Oversees security-related vendor relationships, product selection, and negotiation of high-level contracts to provide services and capabilities for the protection of organization assets globally
Qualifications
- Five years of professional experience in managing an information security function, including analyzing and applying information security risk, risk management, and privacy practices
- Some experience in strategic planning, budgeting, and allocation
- Bachelor’s or master’s degree in computer science, management information systems, business administration, or a related discipline preferred