Silver Search Inc
Director of Information Security New York, NY
The Director of Information Security is someone who wants to make a difference by bringing together technical capabilities, organizational skills, and the ability to manage stakeholders across all business lines. The protection and security of Intercept’s information assets lie at the heart of this role.
The Director of Information Security is a senior leadership role responsible for developing and executing the overall enterprise information security roadmap. This includes creating and implementing effective and reasonable security standards and policies to secure protected and sensitive data and to ensure information security and compliance with relevant legislation, as well as identifying, selecting, and deploying security services and tools to identify, address, and mitigate security risk.
- Initiate, facilitate, and promote activities to foster information security awareness within the organization. Establish the policies, procedures, tools, configurations, training, and audits that comprise the program.
- Define and drive the overall information security strategy and roadmap for the company including fortification of existing enterprise assets, implementation and constant re-validation of policies and procedures that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within the organization.
- Create a culture of cyber security from the ground up both within the business lines and the technology team, starting with business requirements all the way through design, development and validation of code and configuration.
- Ensure creation, validation and execution of clearly defined and executable information security policies, standards, and procedures with appropriate governance to ensure ground level adoption.
- Collaborate actively with the Chief Architect and the architecture team in the Agile software development process as a security subject matter expert, to ensure that the product architecture conforms with all company security policies and security best practices and that all software developed by the company meets all security audit, compliance, and control requirements.
- Work directly with business units and other internal departments and organizations to facilitate IS risk analysis and risk management processes, identify acceptable levels of residual risk, establish roles and responsibilities related to information classification and protection, and to ensure that other managers are taking effective remediation steps.
- Manage security incident response planning as well as the investigation of security breaches including convening a Security Incident Response Team (SIRT), as needed, while serving as the primary control point during such incidents.
- Coordinate and track all information technology and security-related audits including scope of audits, timelines, auditing agencies, and outcomes; work with outside consultants as appropriate for independent security audits.
- Ensure that security policies and procedures are regularly communicated to all staff, and that compliance is enforced. Continuously update the organization’s security strategy to leverage new technology or adapt to new and emerging threats.
- A bachelor’s degree in information systems, engineering or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Candidates with certifications from the following are preferred: ISC2, SANS, ISACA, or another recognized security professional credentialing organization.
- 5-7 years of experience in security roles with increasing responsibility and business-leadership exposure, culminating in a leadership role. Previous roles may include information security analyst, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention), or audit/compliance such as working to maintain SOX, PCI, and/or HIPAA compliance.
- 8-10 years of experience in an enterprise technology environment, ideally with customer-facing systems and services. Numerous roles are applicable – operations, application development, networking, systems and infrastructure architecture, or others as applicable.
- Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
- Previous experience driving strategic planning and associated processes for budgeting and portfolio decision-making for business or technology goals is required. The ability to distill requirements from non-technical staff and working relations, build roadmaps, and prioritize over time is also required.
- Experience driving SOX/PCI compliance audit initiatives with internal and external auditors.
- Excellent written and verbal communication skills, including the ability to effectively compile and present security- and risk-related concepts to technical and nontechnical audiences, and strong interpersonal and collaborative skills.