The IT Security Director is responsible for establishing and maintaining an enterprise risk management program to ensure Ironman information assets are adequately protected. Additional responsibilities will include, but are not limited to, developing security policies, standards and guidelines; working with business leaders to facilitate IT risk assessments and identifying acceptable levels of residual risk; managing security incidents and events; and directing security and risk management projects. Additionally, this position will lead and monitor compliance for SOX, PCI and GDPR.
DUTIES and RESPONSIBILITIES:
- Stays up to date on current and future security technology and trends and acts as a key advisor to align business and security
- Monitors and routinely audits compliance with all information security procedures and policies and ensures consistency of internal controls across departments.
- Participates in review of relevant Information Security aspects of RFP, Contract, Policy and Process documentation
- Acts as primary interface for client and third-party IT security audits, providing oversight and guidance and ensuring compliance
- Owns and maintains PCI compliance and the IT Security related portions of SOX and GDPR compliance standards to ensure the standards are met on an ongoing basis
- Assists other IT teams in system and software architecture and design to ensure that assets and implementations are appropriately secure
- Works closely with the internal legal team to perform risk assessments in the IT Infrastructure space to identify and mitigate potential gaps
- Manages the ongoing vulnerability scanning and assessment process and partners with other IT teams to resolve vulnerabilities in a timely manner to maintain compliance
- Partners with the Infrastructure team on management of security tools, systems and processes, including Logging, IDS, IPS, Endpoint Protection, Web filtering and Proxy, MDM, DLP and Vulnerability Assessment.
- Reviews and recommends firewall changes
- Monitors and escalates, as appropriate, all intrusion detection and network incidents
- Provides oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint
- Stays current on threats applicable to Ironman’s environment and brand, and recommends mitigating actions or risk-reduction configurations or solutions
- Identifies and incorporates opportunities for improvements to the Security and Compliance program, and communicates such opportunities effectively to management
- Assists with the Security Awareness program and ensures that the user community understands and adheres to necessary procedures to maintain security
KNOWLEDGE and SKILLS:
- Excellent leadership with interpersonal skills
- Understanding of budgets and business planning
- Effective communicator, including strong writing and presentation skills
- Ability to think and act strategically and proactively
- Must be committed to a culture of continuous improvement
Work Experience &/or Education:
- Solid understanding of IT security concepts with an emphasis on Security and Risk Assessment
- Have participated in PCI audits, with ability to provide resolution of findings across the enterprise
- Requires broad understanding of Public Key Infrastructure (PKI), encryption, network security controls, tools and functionalities.
- Requires strong analytical thinking skills
- Excellent PC skills and demonstrated proficiency with MS Office Suite
- Ability to handle multiple tasks and prioritize work effectively
- Familiarity with Identity Management (IDM) concepts
- Familiarity with PCI and National Institute of Standards and Technology (NIST)
- Familiarity with Anti-Virus and Internet Security
- Familiarity with GDPR requirements and implementation
- Security-related professional designation preferred (CISSP, SSCP, CEH, SANS-GIAC, etc.)
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.