Director, IT Security & Compliance (Remote)

The Director, IT Security & Compliance will be responsible for leading and managing all aspects of the company's IT security program, including developing and implementing security policies and procedures, identifying and mitigating security risks, ensuring compliance with regulatory requirements, overseeing IT compliance and risk management efforts, and leading cyber security threat assessment and deterrent measures. This role will have responsibility to protect DBI’s information technology, brand, intellectual property, customer, and private information and data from misuse or compromise. We are open to remote based candidates however, due to collaborative nature of this role, candidates based in the EST/CST time zones are preferred.

Essential Duties and Responsibilities:

• Develop, mature, implement a comprehensive IT security and cybersecurity strategy aligned with the company's business objectives and industry best practices. Continuously assess and update the strategy to address emerging cyber threats and vulnerabilities.
• Oversee day-to-day security operations, including monitoring, detection, and response to cyber threats and security incidents. Implement advanced threat detection tools and technologies to proactively identify and mitigate cyber threats.
• Lead efforts to conduct comprehensive cyber threat assessments, including identifying potential threat actors, their motives, and tactics, techniques, and procedures (TTPs). Utilize threat intelligence sources and tools to enhance threat visibility and situational awareness.
• Direct staff in identifying, developing, implementing, and maintaining security standards, processes, controls, practices, procedures, and policies throughout the organization.
• Research and deploy technology solutions and innovative security and management techniques to safeguard the organization’s assets, including intellectual property.
• Develop and manage the security department’s budget, ensuring cost-effective use of resources.
• Oversight of the Business Information Security Committee and security forum steering committee
• Lead proactive measures to deter cyber threats and attacks. Collaborate with internal teams and external partners to develop and deploy effective threat deterrent strategies.
• Identify, assess, and prioritize security risks and vulnerabilities across the organization's IT infrastructure, applications, and systems, with a specific focus on cyber threats. Develop and implement risk mitigation strategies to safeguard against potential cyber-attacks and data breaches.
• Ensure compliance with relevant regulatory requirements, industry standards, and internal policies related to IT security and data protection. Conduct regular compliance assessments and audits to validate adherence to appropriate regulatory requirements.
• Partner with Internal Audit team to compliance with regulatory and standard agencies (ISO, Sarbanes-Oxley, PCI, etc.) as it applies to our DBI.
• Develop and maintain incident response plans and procedures to effectively respond to cyber security incidents and data breaches. Conduct regular tabletop exercises and simulations to test the effectiveness of incident response plans.
• Develop and deliver cybersecurity awareness training programs for associates to educate them about common cyber threats, phishing attacks, and best practices for safeguarding sensitive information. Foster a culture of cybersecurity awareness throughout the organization.
• Partner with appropriate business owners to author security and disaster-related documentation within all hosting operations including Disaster Recovery Plan, Business Continuity Plan, security standards, and security policies.
• Evaluate the security posture of third-party vendors and service providers to assess their ability to protect the organization's data and systems from cyber threats. Establish contractual requirements and security controls to mitigate third-party risks.
• Work closely with IT architecture and engineering teams to integrate security controls and measures into the design and implementation of IT systems and applications. Conduct security reviews and assessments of new technologies and solutions.
• Coordinate with Network Engineering team on technical security to network infrastructure.
• Evangelize new security features across DBI enterprise.
• In partnership with internal legal team provide liaison with local and federal authorities in the event of discovered criminal activity.
  
  

Required Skills:

• In-depth knowledge of cybersecurity principles, practices, and technologies, including threat intelligence, intrusion detection, and security incident response.
• Experience developing and implementing IT security and cybersecurity strategies, policies, and procedures.
• Strong understanding of cybersecurity frameworks and compliance requirements, such as NIST Cybersecurity Framework, ISO 27001, GDPR, and PCI DSS.
• Excellent leadership, communication, and interpersonal skills.
• Ability to collaborate effectively with cross-functional teams and senior executives.
  
  

Competencies:

STRATEGIC LEADERSHIP – Deliberately communicates overall business strategy and connects it to the work of the functional team. Anticipates future trends and implications accurately. Leverages market knowledge to anticipate, capitalize on and drive change. Articulate credible pictures and visions of possibilities that will create sustainable value. Creates competitive and breakthrough strategies that show a clear connection between vision and action. Is willing to champion an idea or position despite dissent or political risk. Tackles tough issues, sharing sensitive messages or unpopular points of view effectively. Influences inside and outside of functional area for positive impact on business performance. Owns the development of successors and individuals who have potential for further development.

LEADING & MOTIVATING – Serves as a champion and driver of DBI Values and culture. Attracts and selects the best talent to meet current and future business needs. Motivates and inspires others through rewards, authentic connections, and meaningful recognition. Fosters diversity and an inclusive workplace where individual differences are valued and leveraged. Seeks new ways to evolve and challenge self. Develops team through delegation, challenges outside of the comfort zone and effective coaching and feedback. Shares ideas in a compelling manner that gains commitment. Champions change for positive impact on business results.

MANAGING FOR RESULTS – Establishes models and enforces accountability. Gets the most out of available resources and secures rare resources others cannot get. Anticipates and balances the needs of multiple stakeholders. Persists in accomplishing objectives. Pushes the team to elevate goals as results are achieved. Transforms functional area to achieve maximum results. Seizes opportunities and connects business insights to increase profit and revenue.

Qualifications:

Experience:

• Minimum of 8-10 years of experience in IT security, with at least 5 years in a leadership role, with a focus on cybersecurity.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or equivalent certifications.
  
  

Preferred Qualifications:

• Experience working in the retail industry or a similar fast-paced environment is a plus.
  
  

Education:

• Bachelor's degree in Computer Science, Information Technology, or related field.