Director of GRC Information Security
Director of Information Security - GRC
This role is GRC-focused at the enterprise level and spans all major frameworks: ISO 27000, the NIST Cybersecurity Framework, SOX and PCI. The ideal candidate will have a security background in engineering, threat analysis or SOC operations, and must have strong management experience, including managing other managers.
Leads an Enterprise Security team that consists of one or more of the following: Security Architecture, Global Security Risk and Compliance, Security Engineering, Security Administration, Security Operations Center, IT Risk Management and Business Continuity.
Provides Team Members and Executive Leadership with research and guidance on risk assessments and appropriate mitigation strategies aligned with an Enterprise Risk Management Strategy.
- Understands the enterprise strategy and influences the integration of security into business strategies and processes while ensuring that the results are documented and actionable, with clear ties to Enterprise Security frameworks
- Aligns the security team's scope, budget and staffing with the company-level strategy, emerging technologies and changes in the threat landscape
- Executes specific Enterprise Security (ES) Risk Management and Compliance activities, including management of Enterprise Systems Sarbanes-Oxley (SOX) controls and their supporting processes; collaborates with process owners to ensure that risk mitigations are appropriate and reports on progress against the designed plan, all in alignment with company Enterprise Risk Management (ERM) guidelines
- Leads a functional security team that manages information risk and availability to a level acceptable for the business and compliance requirements of the organization globally
- Establishes and manages the capability to identify, protect, detect, respond and recover from information security incidents in order to minimize business impact; analyzes IT security incidents and trends and reports their impact on the company's global business to senior management
- Establishes, monitors, evaluates and reports key performance indicators and key risk indicators (KPIs and KRIs) so that leadership has accurate information on the effectiveness of the information risk and security strategy
- Establishes and maintains relationships outside of the company to inform strategy and best practices
- Represents the company at security conferences and functions to keep abreast of industry trends
- Directs the assigned security functions of Enterprise Information Security as they relate to Security Architecture, Security Risk and Compliance, Security Engineering, Security Administration, Security Operations, and IT Risk Management
- Minimum ten years of successful experience in an Information Security field
- Current CISM and/or CISSP certification preferred
- Minimum five years of experience directly managing technical individual contributors, supervisors and managers
- Experience working with risk frameworks: ISO, NIST, PCI, SOX
- Ability to manage vendor/supplier relationships, including contract negotiation, ongoing maintenance & support and problem-resolution
- Ability to effectively manage annual budgets >$3M and link team strategy to company performance