Director of Information Security

Position Summary:

Responsible for the strategy, and security program to ensure information assets and technologies are adequately protected. Identifying, developing, implementing, and maintaining processes across IT to reduce information and information technology risks. Includes all company products both Cloud and on-premise technologies.

This position will be responsible for all aspects of information security across the company. Supporting, developing and maintaining a robust security strategy with the company relevant Security posture, including policies; protocols and procedures across enterprise.

Manages and oversees security aspects of systems to protect data from unauthorized access. Implementing IT security tools and technology to support security strategy. Implementing processes; and performing periodic security assessments and control reviews to assess the effectiveness of network security, web security, host-based security, application-level security, and database security. Accountable for implementing and monitoring adherence to established IT security policies/procedures/standards. Manages resolution for security incidents. Coordination with key functions including IT Operations, IT Applications, IT Integrations, and IT Leadership.

Essential Job Functions:

• Strong knowledge and proficiency with a wide range of security tools to identify and reduce potential threats.
• Manage the development, documentation, implementation, operations, and maintenance of the company’s information security program to ensure the availability, integrity, and confidentiality of information resources
• Establish and maintain standards around security policies, processes and procedures
• Define, implement, and monitor security solutions, including security information and event management (SIEM), intrusion detection, and end-point protection software. Ensure compliance to established security incident process for all incidents/events.
• Provides consultation for applications and infrastructure that compose the company’s computing environment
• Provide consultation of security process and procedures with the company’s clients
• Assists in the preparation and evaluation of risk assessments for systems, software, processes and network design.
• Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access.
• Provide Security policies and guidance to the ITG AWS implementation.
• Maintain and contribute to the security architectural and governance documentation.
• Ensure IT security services to optimized and provide a highly available environment to support ITG business processes
• Stay up to date on developing trends in technology within and outside of your direct sphere of influence
• Develop and implement remediation plans to correct any deficiencies in our environment.
• Researches and recommends technologies to improve security and services to the ITG Technology environment
• Ensure ITG security policies, processes and procedures are implemented and adhered to within ITG Technology
• Own and drive continuous improvement within the services area.
• Ability to communicate and articulate to IT leadership and business leadership.
• Coordinate lifecycle management security solutions and roadmaps.
• Design and execute the company-wide security strategy.
• Establish Security KPIs, to understand health of environment.
• Regular measurement and reporting on the company’s security posture.

Position Requirements:

• Minimum of 8-12 years of Information Security and information technology experience
• Bachelor’s degree in information technology, Computer Science or Information Security
• Certifications in either Certified Information System Security Professional (CISSP) or Cisco Certified Network Associate (CCNA) required.
• Experience with standard security tools: Firewalls, Intrusion Detection/Prevention Systems, Anti-Virus, Vulnerability Scanner
• Significant understanding of IT Infrastructure technologies including cloud, network, server, end-point, mobile, and antivirus technologies.