Director, Information Security

Malone Solutions (previously AllStaff IT) is focused on the IT and Engineering market. The company is focused on understanding its clients and their needs in order to identify and present only the most qualified candidates that fit the client's culture.

Job Description

The Director, Information Security is a key member of the leadership team and is responsible for the strategic leadership and day-to-day management of Information Security programs and solutions. In this role, the Director, Information Security will develop and continuously improve a comprehensive security program and roadmap, addressing both current and perceived risks, while helping to create a culture that is attuned to cybersecurity threats through education, policy development and project implementation. The Director, Information Security will lead and mentor the Information Security and User Provisioning teams, and will serve as a subject matter expert for Executive Management and across the organization.

Responsibilities:

- Collaborate with key subject matter experts, both internal and external, to analyze and assess the current and future threat landscape.
- Develop and continuously improve a comprehensive security program that addresses identified risks.
- Oversee the ongoing review, selection, deployment, monitoring, maintenance and enhancement of the company's security technology and architecture.
- Sponsor and lead information security projects across the business, working with internal and external stakeholders to ensure robust on-time, on-budget delivery.
- Ensure close collaboration between the infrastructure, application development and security teams to incorporate enterprise security standards throughout the lifecycle of a project.
- Develop and manage the Information Security roadmap, strategies and budgets based on industry standards and emerging technologies and issues.
- Develop, implement and communicate enterprise security policies and standards, including a security training and awareness program to promote adoption and practice.
- Monitor and advise on any changes in industry standards or legislation.
- Partner with business and legal to understand and develop a response to supplier / customer requirements and inquiries.
- Develop and maintain a security incident response plan that includes the ongoing test of the effectiveness of the program.
- Investigate security incidents, leading response teams and efforts.
- Provide support for internal and external audits.
- Manage and develop "self" audits to ensure compliance to policy, including the use of vulnerability assessments and penetration tests.
- Provide oversight of the creation, approval and implementation of business continuity/disaster recovery plans, including periodic tests of the plan.
- Develop and manage a risk assessment process for new projects as well as major changes to existing Infrastructure/Applications.
- Provide subject matter expertise as a member of the Cybersecurity Committee. Develop agenda, distribute minutes and track progress on action items.
- Provide technical expertise to the Audit Committee during Quarterly Audit Committee meetings.
- Lead and mentor the Information Security & User Provisioning teams with responsibility for hiring, training, performance management and the implementation of key metrics. Particular emphasis on the development of team members to increase the overall bench strength, capability, competency and resilience of the team and function.

Requirements:

- Bachelor's degree in Management Information Systems, Computer Science, Engineering or related field required. Master's degree preferred.
- Industry certification such as Certified Information Systems Security Professional (CISSP) preferred.
- Minimum of 10 years of information security management experience required, with progressive managerial responsibility gained in a distributed enterprise environment preferred.
- Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery.
- Experience with large IT Infrastructure and/or IT security projects, e.g. firewall deployment, NAC implementation, web proxy upgrade etc.
- Prior experience with information security frameworks, secure network architecture and design, cloud computing, and secure application architecture/design preferred.
- Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks.
- Experienced in developing policies and procedures for identity and access management, security programs, security procedures and security standards.
- Articulate with strong verbal and written communication skills; able to communicate with technical and non-technical audiences at all levels of the organization.
- Ability to present technical information to executive leadership.
- Experience working within a centralized/decentralized matrix business environment highly desirable.

Salary Range: $192K - $216K
Minimum Qualification
11 - 15 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be presented for multiple reasons, such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check, use the money for any of these reasons, and then send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.