Information Security Senior IT Director

Fort Worth, TX, United States

04th June, 2024

Our client in the Dallas-Fort Worth area is seeking a full-time Information Security Senior IT Director to join their team.

This is a hybrid/ full-time/direct-hire position

Salary based on experience: $170k-$200k

Summary Description

The Senior Director of IT, Information Security is pivotal in securing information assets to meet business goals. This role involves creating and maintaining a robust information security program that protects technology, applications, systems, infrastructure, and processes within the digital ecosystem. Responsibilities include identifying and mitigating legal, regulatory, compliance, IT, and cybersecurity risks while supporting business objectives. The Senior Director coordinates technical activities to manage security infrastructure and provides regular status updates to management. This leadership position requires a strong technical background and the ability to align IT and business priorities with key objectives, balancing real-world risks with business needs such as speed and performance.

Expertise in project management is crucial for the Senior Director, who must prioritize tasks effectively between operational duties and long-term strategic security efforts. Responsibilities include managing multiple IT and security teams, task prioritization, project reporting, and vendor relationship management to ensure service levels are met. The leader must deeply understand cybersecurity technologies for corporate networks and the broader digital ecosystem. They will collaborate with business and ecosystem partners to implement agreed-upon security policies and standards. Additionally, the Senior Director will oversee the enterprise information security and compliance program, ensuring systems are secure and compliant with legal and contractual obligations while reporting to the Group CIO and representing the organization externally.

Key Result Areas Establish Governance and Build Knowledge Building and leading the information security function

Successfully setting up and managing governance

Develop cyber security, risk, and compliance frameworks Obtain and maintain certification that is pertinent to our industry

Architecture & Engineering Support Develop Secure IT practices and ensure incorporation of these practices

Operational Execution Design, build and run the Security Ops practice

Successful implementation of proactive measures for security and robust reactive framework to address issues as they come up

Key Accountabilities / Job Duties:

Establish Governance and Build Knowledge

Facilitate an information security governance structure by implementing a hierarchical governance program, including forming an information security steering committee or advisory board.

Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders

Work with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.

Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for different audiences.

Understand and interact with related disciplines through committees to consistently apply policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management. Provide clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.

Develop the Frameworks

Develop and enhance an up-to-date information security management framework based on one of the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations.

Develop and maintain a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversee the approval and publication of these information security policies and practices.

Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection of information assets.

Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, increase the maturity of the information security, and review it with stakeholders at the executive and board levels.

Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, increase the maturity of the information security, and review it with stakeholders at the executive and board levels.

Architecture/Engineering Support

Work with IT staff to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.

Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

Research, evaluate design, test, recommend, or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

Work with the enterprise architecture team to ensure a convergence of business, technical, and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.

Operational Execution

Coordinate, measure, and report on the technical aspects of security management.

Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

Manage and coordinate operational components of incident management, including detection, response, and reporting.

Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.

Manage security projects and provide expert guidance on security matters for other IT projects.

Assist and guide the disaster recovery planning team in selecting recovery strategies and developing, testing, and maintaining disaster recovery plans.

Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.

Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.

Applicants must be authorized to work in the U.S.

We are an equal opportunity employer. We do not discriminate in hiring or employment against any individual based on race, color, gender, national origin, ancestry, religion, physical or mental disability, age, veteran status, sexual orientation, gender identity or expression, marital status, pregnancy, citizenship, or any other factor protected by anti-discrimination laws.

#J-18808-Ljbffr