The Director Information Security will be responsible for overall strategy and execution in establishing and maintaining an enterprise-wide, cost-effective information security program to ensure that all information assets for corporate and franchise are protected. Work in partnership with company leaders to advance the information security needs of the company.
Responsibilities will include building an Information Security team that effectively identifies, evaluates reports on, and mitigates information security risks in a manner that meets internal, compliance and regulatory requirements, and responds to incidents that may occur. Ability to partner with constituents throughout the company to achieve strategic goals and ensure the appropriate balance is achieved between risk and controls. Must possess strong influencing skills to educate and shift the security tolerances of the company, executives, employees, vendors and franchises.
Responsible for Information Security’s Governance, Risk and Compliance program
Build and manage the Information Security team to effectively implement Information Security Governance, Risk and Compliance program
Establish brand security policy and enforcement as pertain to Yum corporate policy
Develop and coordinate the implementation of periodic risk assessments of networked assets that identify vulnerabilities. Recommend the best methodology to mitigate identified vulnerabilities.
Establish, maintain and enforce SaaS provider security framework
Ensure regular penetration testing campaigns are executed to test the effectiveness of security controls on all internal and external device, embedded systems and mobile devices in support of restaurant operations.
Oversee the effective management and reporting on investigations of internal or external security incidents. Prepare post mortem analyses of information security breaches, violations, and incidents and document corrective and preventive action plans.
Provide consultant services and resources to various technology stakeholders to design security controls that ensure the confidentiality, integrity and availability of information utilized throughout company’s portfolio of business and productions applications.
Ensure effective analysis and facilitation of security software selection, hardware selection and other technology control establishment.
Support regulatory and corporate compliance initiatives as they pertain to information and content assets.
Minimum Requirements
10+ years as senior IT leader
5+ years as a InfoSec leader
5+ years managing technical teams
Computer Science or Business Administration degree
Certified Information Systems Security Professional
Certified in or have demonstrable experience with ISO27001/27002/27005
PCI DSS and SOX experience highly desirable
Strong familiarity with DNS and TCP/IP networking
Strong problem solving ability
Strong written and oral communication skills
Proven analytical and problem-solving abilities
Knowledge of the Software Development Life Cycle (SDLC)
Retail experience desirable
Pass it on for Referral Bonus. Not the right role for you, but know someone we should meet? Share with him to earn $1,000 referral bonus.
Posts
