Director of IT Security and IT Compliance

Posted · Add Comment
ctechny.com
Published
June 15, 2020
Location
New York, New York
Category
 
Job Type

Description

Our client is looking for a Director of IT Security and IT Compliance to join their rapidly growing team.  To be successful in this role, you will need to be hands-on in implementing new security strategy initiatives and solutions as well as partner with the IT Infrastructure team on improving and operating existing security measures at the company and across our portfolio. 

Responsibilities:

  • Assess the firm's existing IT Security needs and partner with the IT Infrastructure team to align on existing security measures and initiatives (both at the company and across the portfolio) and take a hands-on course of action to enhance the security of their cloud-centric environment
  • Develop and implement information protection and security strategies to ensure the security, privacy, integrity, confidentiality, and availability of the cloud-based technology assets
  • Ensure all systems, processes, policies, and tools are aligned 
  • Partner with business leaders to facilitate company-wide security risk assessments and risk management processes, including maintaining, communicating and ensuring compliance with organizational IT security and data privacy policies
  • Collaborate with the IT Infrastructure team on developing security goals, defining security strategies, metrics, and the overall Information Security roadmap in support of the business goals
  • Address IT security risks and gaps identified by Internal or External Audit in collaboration with IT Infrastructure, IT vendors and Legal
  • Continuously and proactively monitor current and emerging cybersecurity threats, regulatory changes, etc. and work with the IT Infrastructure team to determine how they may impact the overall business operations
  • Provide subject matter expertise to executive management 
  • Implement a process for continuous IT security monitoring and incident management to effectively identify, respond, contain and communicate suspected or confirmed incident
  • Develop and execute business continuity and disaster recovery plans with business teams and the broader technology team
  • Develop, maintain, and publish up-to-date information security and data privacy policies and guidelines that are aligned with emerging IT security and data privacy standards in collaboration with Legal
  • Create and manage information security and risk management awareness training for employees across the portfolio
  • Conduct IT Security due diligence assessments for acquisition targets and assist with integration efforts post-closing
  • Maintain and review third-party SOC reports annually and ensure appropriate organizational controls are in place and effective
  • Serve as the Company’s Chief Data Security and Privacy Officer

Requirements:

  • 10+ years hands-on experience in IT Information Security, which includes at least 5 years of recent experience in a senior management level position preferably with experience in cloud-focused environments
  • BS. in Computer Science, Info Systems, Engineering, or similar (Masters degree preferred)
  • Certifications such as CISSP, CISA, CISM, CRISC, and/or GIAC
  • Demonstrated experience with identifying and implementing IT Security solutions for current-state needs with scalability for growing environments, leveraging emerging cloud-based solutions for an evolving business
  • A strategic thinker with a strong hands-on approach, capable of designing, building, and operating security programs in a fast-paced environment
  • Ability to communicate complex cybersecurity and data privacy topics in layman terms toall levels of the organization
  • Passion for technology, with demonstrated ability to single-handedly uncover root causes of complex technical problems and directly provide guidance and assistance on solving them
  • Strong vendor management experience, including the ability to identify and select essential vendor resources that speak to the IT Information Security needs
  • Capable of thriving in rapidly evolving environments, with the ability to proactively identify opportunities in ambiguity
  • Strong bias for action and self-motivated, with the ability to effectively prioritize tasks to address the broader needs of the business
  • Excellent analytical, evaluative, and problem-solving abilities
  • Hands-on experience with and familiarity with the IT security management of Office 365 tenants and all associated components (OneDrive, SharePoint, Teams, Azure AD, etc.);
  • Familiarity with 365 Security and Compliance Center, E5 Cloud App Security/Advanced Thread Protection, InTune-based MDM management, AzureAD Conditional Access, 365 Data Classification/Sensitivity Labeling, DLP and IRM preferred
  • Experience with modern PaaS/SaaS-based IAM and SSO providers and protocols preferred (ex: AzureAD, Okta, Duo, SAML, etc)
  • Knowledge of SEIM Log aggregation and correlation products (ex: Splunk, Sentinel, etc) a plus
  • Hands-on experience with Intrusion and Penetration Testing Toolkits such as Kali Linux
  • Experience with Managed Detection and Response (MDR) platforms and forensic threat hunting
  • Excellent experience with cybersecurity frameworks, such as SANS/NIST, ISO 27000, SOC
  • Strong experience with data security and privacy regulations such as HIPAA, PCI, GDPR, 23 NYCRR 500, SOX, etc.

Related Jobs

Project Manager   Princeton, New Jersey new
July 10, 2020
PMO Project Manager   Princeton, New Jersey new
July 10, 2020
Machine Learning Technologist   New York, New York new
July 9, 2020
Senior Network Engineer   Scarsdale, New York new
July 9, 2020
July 7, 2020