IT Director for Information/Cyber Security

Recruiter: CPI Card Group
Location: Littleton
Salary: Competitive
Posted: 17 Jul 2018
Closes: 18 Jul 2018
Job Title: Director
Category: Sales
Contract Type: Permanent
Hours: Full Time

Job Description:

Main Purpose: The IT Director of Information/Cyber Security will be responsible for overall strategy and execution in establishing and maintaining an enterprise-wide, cost-effective information security program to ensure that all information assets for corporate, regions and retail are protected. Work in partnership with company leaders to advance the information security needs of the company. Responsibilities will include development of a strategic security roadmap; identifying, evaluating, reporting on, and mitigating information security risks in a manner that meets internal, compliance and regulatory requirements; and responding to incidents that may occur. Ability to partner with constituents throughout the company to achieve strategic goals and ensure the appropriate balance is achieved between risk and controls. Must possess strong influencing skills to educate and shift the security tolerances of the company, executives, employees, vendors and franchises.

Core Accountabilities:
• Responsible for the development and implementation of CPI Cardgroup's Information Security Governance, Risk and Compliance program
• Establish CPI Cardgroup security policies and enforcement
• Responsible for the day-to-day Security Operations for CPI Cardgroup, including Vulnerability Scans, Penetration tests, Incident Management, SIEM Management, etc.
• Develop and coordinate the implementation of periodic risk assessments of networked assets that identify vulnerabilities. Recommend the best methodology to mitigate identified vulnerabilities.
• Responsible for supporting the timely and successful PCI Certification annually
• Coordinate, document and report on investigations of internal or external security incidents. Prepare post-mortem analyses of information security breaches, violations, and incidents and document corrective and preventive action plans.
• Provide consultant services to various technology stakeholders to design security controls that ensure the confidentiality, integrity and availability of information utilized throughout the company's portfolio of business and production applications.
• Analyze and facilitate the selection of security software, hardware and other technology controls.
• Support regulatory and corporate compliance initiatives as they pertain to information and content assets.
• Support, communicate, reinforce and defend the mission, values, philosophy and culture of the organization.
• Perform other duties as required.

Key Outputs/Results:
1. A well-designed Information Security Program and supporting roadmap designed to mitigate the key risks to CPI Cardgroup business
2. Critical analytics and metrics in business-facing formats and presentation
3. Successful remediation of vulnerabilities to support the delivery of annual PCI ROC on time
4. Become a trusted advisor, build collaborative relationships with Regional IT teams, partner corporate IT teams, key internal business partners and critical vendor/partners
5. Delivery of projects and services is aligned with CPI Cardgroup Business Strategy and IT Strategy
6. Development and management of clear escalation and notification paths for critical security incidents and issues
7. Develop good relationships with key service providers and technology partners
8. Global IT solutions successfully delivered in region to cost, schedule and meeting strategic business requirements
9. Work with business partners to understand evolving security risks

Essential Knowledge:
• University degree or equivalent work experience
• Experience in at least 3 of the following areas:
  • PCI Compliance within the context of Business as Usual (BAU)
  • Threat Intelligence & Vulnerability Management
  • Security Awareness
  • Third-party Service Provider Assurance
  • Policy & Procedure Documentation
• Good business acumen
• Experience working with Managed Service Partners
• Strong knowledge across a broad set of infrastructure solutions/concepts including Cloud Computing, SAN Storage, Desktop computing, WAN and LAN concepts

Technical Skills:
• 10+ years as senior IT leader
• 7+ years as an InfoSec leader/Manager
• Computer Science or Business Administration degree preferred
• Certified Information Systems Security Professional
• Certified in or have demonstrable experience with ISO27001/27002/27005
• PCI DSS and SOX experience highly desirable
• Strong familiarity with DNS and TCP/IP networking
• Strong problem solving ability
• Strong written and oral communication skills
• Proven analytical and problem-solving abilities
• 6-8 years of experience as IT Security Engineer or Security Analyst with specific experience in the following:
  • Log/event monitoring and management
  • Anti-Virus and Malware remediation
  • Mobile security
  • IDS/IPS
  • Application Whitelisting
  • Pen Testing
  • Firewalls
  • System hardening and patch management
  • Security policy creation, implementation and auditing
  • Retail/POS environments
• Experience working in a team-oriented, collaborative environment
• Knowl