Thursday, November 13, 2014
Director - Security Systems - HSN - St Petersburg
Job description
This position is responsible for overall direction of all security functions associated with Information Technology, including communications (voice and data), infrastructure, and policies and procedures within the enterprise. This position has the responsibility for enterprise-wide information security, compliance and privacy.
Responsibilities
Create and update a comprehensive security plan including protocols, policies, procedures, and guidelines
Develop a multi-year security strategy that encompasses a holistic approach to securing the business.
Ability to present and communicate effectively with peers and senior leadership alike.
Maintain and grow security education/awareness program
Solid understanding of security elements such as network segmentation, defense in depth methodology, data encryption (at rest and in flight), identity management and monitoring, and threat mitigation techniques.
Working knowledge of security principles (such as authentication, auditing, forensic investigation, risk management) and elements (encryption, logging, monitoring, perimeter controls, firewalls).
Monitor information networking, security, and technology trends internal and external to HSNi and keep management informed about information security-related issues and activities affecting the organization.
Oversee security assessment and analysis to determine existing areas of vulnerability.
Identify areas of risk and develop cohesive strategies to mitigate those risks.
Interview, hire, and counsel direct report employees. Delegate activities and ensure that responsibilities, authorities, and accountability of all subordinates are defined and understood.
Create, update and recommend IT Security Policies and Procedures to enhance the company’s Information Security program.
Provide risk assessment of current and new technology and develop mitigation strategies for those risks.
Manage security vendor relationships and activities.
Provide security positioning statements and consultation as they relate to the company and security environment for RFPs and incident response.
Ensure all new systems and applications being deployed meet security requirements.
Ensure overall IT Audit functions and required regulatory needs such as PCI, Webtrust, SSAE 16 and SOX are met.
Provide leadership during Security Information Incident Responses
Responsible for setting metrics and reporting on the metrics to measure the effectiveness of security controls.
Manage Information Security Operational and Capital budgets.
Be the point person 24x7 for Information Security Issues.
Desired Skills and Experience
BSEE or BS in Computer Science or Information Security Required, MS preferred
Minimum of 10 years of successful progressive experience in information security, IT architecture or engineering.
5+ years of experience managing an enterprise information security program preferred.
5+ years of experience designing and implementing enterprise information security policies, processes, and procedures preferred.
5+ years of experience with business system continuity planning, auditing, and risk management as it relates to information security. Experience developing an overall Risk Management strategy and ensuring the execution of that strategy; understanding the current and future risks to the company and adapting strategy as necessary to respond to changing risks and threats.
5+ years of experience working with cloud and mobile technologies, directory services, security infrastructure (including firewalls, intrusion detection/prevention systems, vulnerability management systems, web application firewalls, remote access, PKI, cryptography, application and data security management systems).
5+ years of experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred.
Proficient in IT control areas (i.e., change management, SDLC, Operations).
Demonstrated experience leading and managing an Incident Response Team in the course of a rapidly evolving security incident.
Demonstrated experience overseeing the continuous monitoring and protection of information systems and ensuring that PCI regulatory compliance is met, as well as ensuring that information privacy and security laws are adhered to, including developing key security metrics to demonstrate compliance.
Demonstrated experience in communicating effectively in written and spoken form to broad internal and external entities including non-technical executives, business colleagues, product and service vendors and external peers. Strong ability to influence and persuade others through collaboration.
Strong strategic thinker who can translate vision into tactical execution; strong decision making and project management skills; and ability to effectively prioritize work in a highly dynamic work environment.
Experience supporting an enterprise with multiple data centers, locations, divisions and subsidiaries, with a total number of users over 2k people, preferred.
Advanced security certification CISSP required. GIAC Security Leadership, Cyber Security Forensics Analyst, ISSAP-CISM preferred.