Job Description:
Reporting to the CIO, the Senior Director, Chief Information Security Officer is the senior leader responsible for establishing and maintaining our world-wide information protection and enterprise security programs, which include security operations, incident response, vulnerability management, identity management, network security, disaster recovery, risk, policies, governance and compliance.
This position will have responsibility to lead and influence security strategy efforts across the enterprise, to protect assets, align and prioritize our enterprise-wide information protection and security investments, to establish an enhanced information protection framework, mitigate risks, strengthen defenses, improve detection of malicious activities, and minimize vulnerabilities.
This role, in collaboration with other business leaders, will be responsible for identifying, evaluating, and reporting on information protection and security risks across the enterprise, and as appropriate will work with other company leaders to determine acceptable levels and drive risk mitigation solutions for the company.
This position will have responsibility to influence information and security strategy actions cross-functionally and must possess a high degree of integrity, sound judgment, and domain competency in the field of enterprise security and risk management. The ideal candidate is an integrator of people and processes, a thought leader, and a problem solver, with strong knowledge of information protection industry best practices and infrastructure technologies, knowledge of attack vectors and the techniques attackers use, and strong influencing skills.
Desired Skills and Experience
Key Responsibilities of the Senior Director, Chief Information Security Officer:
• Develop, implement, and manage an enterprise-wide information protection and enterprise security strategy to ensure the security, integrity, confidentiality, and availability of NetApp’s information assets.
• Ensure all enterprise staff, systems, processes and tools are aligned with NetApp’s information protection and enterprise security strategy
• Lead and leverage a team of direct and indirect information and enterprise security SMEs to drive enterprise-wide information protection and security strategies and programs.
• Build and sustain an information protection and enterprise security organization that can keep pace with rapidly evolving threats.
• Develop, maintain, and publish up-to-date information security policies, standards and guidelines.
• Develop and oversee enterprise-wide information protection and security awareness and education
• Assess, collaborate cross-functionally and oversee NetApp’s enterprise-wide security investments.
• Work directly with the business unit leaders to facilitate enterprise-wide, security risk assessments and risk management processes, including maintaining, communicating and ensuring compliance with organizational security policies
• Develop a roadmap for driving improvements in our information security posture.
• Serve as the objective central point for security-related issues by balancing protection of the enterprise with the need to be operationally effective.
• Maintain and mature our ISO27001 certification
• Establish security standards for application, infrastructure, xAAS usage and development.
• Provide subject matter expertise to executive management on a broad range of security standards, best practices, and compliance requirements.
• Lead team to assess and coordinate organizational critical response efforts for information protection and security events
• Develop business-relevant metrics and dashboard to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of our information protection and security programs.
Qualifications of the Senior Director, Chief Information Security Officer:
• Bachelor’s degree or equivalent experience in a relevant discipline (Master’s, JD or MBA highly preferred).
• 15+ years of experience in the IT field and 5+ years in a security-related role
• C-level and Board of Director executive interaction experience preferred
• Demonstrated experience driving strategy with cross-functional Exec-level stakeholders
• Proven knowledge and experience across multiple information protection and security domains
• Broad knowledge and experience across IT infrastructure with emphasis on end user, hosting and networking domains
• Experience with security frameworks and standards such as ISO 17799/27001, NISPOM, PCI, and other relevant security-related regulations
• Understanding and effectively applying trends and developments in the area of global security and risk management
• Ability to frame and communicate security and risk-related concepts to all technical and nontechnical audiences, at all levels
• Demonstrated ability to drive organizational change and work with multiple business units of an organization to effect change
• Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and attorneys
• Excellent written, verbal, public speaking, communication and presentation skills
• Professional security certifications such as CISSP, CCISO, or CISA or equivalent experience
Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share this posting with them to earn a $1,000 referral bonus.