Director Information Security
- Information Technology
- Jacksonville, FL, USA
- Full Time
- Medical, Dental, Vision, 401k and more.
The Director of Information Security is accountable for the leadership and implementation of the organization's information security and privacy program. They are charged with creating strategy and implementing best practices aligned with recognized security frameworks such as the NIST Cybersecurity Framework (CSF). The Director of Information Security is responsible for taking a multi-faceted continuous improvement approach to security and privacy by defining policies, auditing policies, implementing incident responses and reducing vulnerabilities throughout the organization. They must ensure that the organization maintains an effective security response capability that will identify, contain and resolve cybersecurity incidents while minimizing business impact. The Director of Information Security must constantly stay abreast of new threats or vulnerabilities that could impact the organization. They must provide thought leadership and guide the organization and Executive Leadership Team in appropriate matters to implement security measures and respond to vulnerabilities.
- Defines, communicates, and executes the vision and strategies for effective information security management across the organization
- Serve as an internal information security consultant to the various business stakeholders to assist / advise / educate on all aspects of information security and compliance
- Creates and continuously updates an internal cybersecurity self-assessment to audit the organizational capabilities and actively implements new controls to fill gaps
- Responsible for creating an adaptive security architecture that aligns with a framework including identifying, protecting against, detecting, responding to, and recovering from threats
- Defines, develops, manages and implements cybersecurity policy lifecycle, protocols, procedures and guidelines as they pertain to all facets of security risk management
- Constantly updates the cybersecurity strategy to leverage new technology and threat information
- Responsible for the creation, publication, distribution and compliance of the cybersecurity and privacy policies, ensuring alignment with NIST CSF or other cybersecurity frameworks.
- Creates processes to effectively and efficiently handle policy exceptions including exception monitoring
- Develops and manages the vulnerability lifecycle from detection and reporting to remediation tracking and verification
- Accountable for implementing a continuous improvement process to lower vulnerability risk throughout the enterprise
- Responsible for working with IT Management team to catalog IT assets in order to prioritize vulnerability assessment, scanning, and response
- Partner with the enterprise architecture teams to build alignment between security and enterprise architectures and secure coding standards, to ensure information security requirements are implicit and built into product design and development
- Define and build partnerships with external partners for providing forensic investigation, incident response support and other services as identified
- Develops an incident response plan and procedures that includes annual tabletop simulations to ensure procedures are up to date and continuously improve plans
- Identifies risks and develops mitigation plans among various groups inside and outside of IT
- Develops and implements a disaster recovery program and ties it with the overall business continuity strategy
- Works in conjunction with Risk Management and Compliance to address organization-wide threats and policy changes
- Effectively monitors and reports key performance indicators (KPIs) related to cybersecurity to the Chief Information Officer, Executive Leadership Team and Board of Directors
- Serves as the resident security expert and key resource to drive security initiatives and manage enterprise initiatives
- Ensure proper access controls and identity verification are in place
- Establishes, monitors and ensures compliance with organization-wide and department-specific training for cybersecurity
- Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention
- Defines and promotes activities to foster privacy and security awareness and compliance within the organization
- Develops and works with the Chief Information Officer to establish a budget for organizational cybersecurity
- Keep leadership informed of changes related to new and ongoing projects within the organization; resolve and/or escalate project issues in a timely fashion
- Delivers engaging, informative, and well-organized presentations
- Meet professional obligations through efficient work habits such as meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner, and demonstrating respect for others
- All work responsibilities are subject to having performance goals and/or targets established
The above is not an all-inclusive list of all duties performed by this job title, only a representative summary of the primary duties and responsibilities. Incumbent may be required to perform other additional duties as assigned.
- A Bachelor's Degree in Computer Science, Information Systems, or Information Security; or equivalent combination of education and relevant experience
- Master's Degree in Computer Science/Information Systems, preferred
- 8+ years of experience in Information Systems
- 3+ years of IT security experience
- CCISO, CISSP, CISM or CEH certifications, preferred
Knowledge, Skills & Abilities
- Expertise in budget planning, financial management, and resource management (including the ability to develop cost-effective approaches to organizational needs)
- Ability to troubleshoot and resolve complex issues
- Familiarity with application security technologies used to store enterprise information and information auditing systems
- Understanding of business / technology controls to manage confidential data through its lifecycle
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- Ability to acquire a thorough understanding of the business environment and systems, connectivity and application technologies
- Ability to manage multiple enterprise level projects, meet deadlines, interface with different company business units and work in a fast-paced technology driven environment
- Ability to recognize and execute on strategic and adjacent opportunities to create efficiencies or reduce risk
- Demonstrable interviewing skills for talking with individuals and groups about their needs and asking effective questions to surface essential requirements information
- Ability to critically evaluate information from multiple sources, reconcile conflicts, decompose high level information into details and abstract low-level information to a more general understanding
- Ability to decompose a project into distinct work packages and determine appropriate resource requirements for each work package
- Ability to distinguish user requests from the underlying business needs and distinguish solution ideas from requirements
- Ability to work with people to establish goals, objectives, and action plans
- Understands information in several unrelated professional disciplines
- Excellent leadership capabilities, strong judgment, and the ability to work effectively with and influence clients, team members, management and external groups
- Additional leadership skills including development, mentoring, coaching, motivation, and ensuring a collaborative work environment
- Excellent written and verbal communication skills
- Strong analytical, problem solving and planning ability
Step Up For Students believes strongly in two key core values, and it is the responsibility of all employees to demonstrate these values in their everyday work in order to maintain a positive and effective organizational culture.
Everyone is an asset.
Every event is an improvement opportunity.
This position occasionally requires the abilities of standing, walking, repetitive finger motion, lifting or exerting forces up to 50 lbs., reaching or stretching, climbing or balancing, crouching or stooping, crawling, depth perception.
This position frequently requires the abilities of sitting, fingering or manual dexterity, speaking, hearing and seeing colors.
This position is an office environment with very limited exposure to any outside fumes, odors, heat and/or weather conditions.
This position has been closed.