The Information Security Director is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The Director will lead the Information Security function, working closely with other senior executives, IT team members, and external stakeholders to manage and mitigate security risks.
Key Responsibilities:
Strategy & Planning:
• Develop and implement a comprehensive information security strategy and program.
• Lead risk assessment and management processes, including threat modeling and vulnerability assessments.
• Establish security policies, procedures, and standards to protect company assets.
Leadership & Management:
• Manage a high-performing information security function.
• Coordinate with other departments to ensure alignment with security policies and objectives.
• Provide guidance and mentorship to IT members.
Compliance & Governance:
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
• Conduct regular audits and assessments to ensure ongoing compliance.
• Oversee the development and implementation of information security policies and procedures.
Incident Response & Management:
• Develop and oversee incident response planning and execution.
• Communicate with relevant stakeholders during incidents, including executive management and, when necessary, external parties.
• Lead the response to security breaches and incidents, including forensic analysis and remediation.
Education & Awareness:
• Promote security awareness across the organization.
• Develop and deliver training programs to educate employees on security best practices and policies.
Technical Oversight:
• Oversee the implementation and management of security technologies and solutions (e.g., firewalls, intrusion detection/prevention systems, endpoint protection).
• Stay abreast of the latest security technologies, threats, and trends.
Vendor Management:
• Negotiate contracts and service level agreements to maximize value and security benefits.
• Manage relationships with external vendors and service providers.
• Assess and select security vendors to ensure they meet the company’s security requirements.
• Oversee vendor performance and ensure compliance with contractual obligations.
Qualifications:
Education & Certifications:
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, or equivalent.
Experience:
• Demonstrated success in developing and implementing security strategies and programs.
• Proven experience in a senior leadership role.
• 7+ years of experience in information security roles.
Skills & Competencies:
• Ability to work under pressure and manage multiple priorities.
• Strong problem-solving and decision-making skills.
• In-depth knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST).
• Excellent leadership, communication, and interpersonal skills.
• Strong understanding of the current threat landscape and security technologies.