Wednesday, February 15, 2017

Director Information Security Thales Irvine

Job Description:
The Director of Information Security is responsible for all aspects of information security and cyber security across all of IT, including developing and maintaining a robust security strategy with solid security policies, protocols and procedures across enterprise security architecture, security operations centre, datacentre security, and network security including cloud and applications security with appropriate security measures and initiatives. This role also advises senior leaders and other stakeholders on the further development, implementation and management of a country-wide IT security infrastructure that contains appropriate control objectives for system integrity, availability, reliability, resilience, confidentiality and assurance to company, industry and international standards.
Key Responsibilities
Leads, mentors and coaches IT Security & IT staff with responsibility for hiring, training, performance management and the implementation of key performance indicators and service based metrics. Particular emphasis on the development of team members to increase the overall bench strength, capability, competency and resilience of team and function.
Ensures ongoing leadership, oversight and alignment between the needs of the business, network operations and security operations.
Develops and maintains a security incident response plan that includes the ongoing test of the effectiveness of the program.
Collaborates with key subject matter experts, both internal and external to analyse and assess the current and future threat landscape to continually audit and develop a comprehensive security program that addresses identified risks and business operations.
Ensures that all security monitoring systems and processes are robust and functional while providing overall co-ordination and management of cyber and information security activities across the company.
Owns and leads key information security projects across the business working with internal and external stakeholders to ensure robust on-time, on-cost delivery.
Ensures close collaboration between the infrastructure, application development and security teams to incorporate enterprise security standards into each segment of the SDLC.
Oversees the ongoing review, selection, deployment, monitoring, maintenance and enhancement of the company’s security technology and architecture.
Acts as a primary subject matter expert, resource and liaison for law enforcement and security regulatory agencies, partnering closely with corporate support departments such as: facilities, legal, human resources, finance etc.
Shares intelligence information, develops and maintains relationships with law enforcement, security industry and government agencies.
Provides analysis and input into security investment decisions, strategies and budgets.
Implements and communicates enterprise security policies and standards including security training and awareness program to all technical and non-technical staff to promote adoption and practice.
Monitors and advises on any changes in industry standards or legislation including changes required to own organization or operations environment.
Required Skills and Experience
Bachelor's (Master's preferred) in Management Information Systems, Computer Science, Engineering or equivalent.
Obtained one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), Project Management Professional (PMP) or other related certifications.
Minimum of 10 years of information security management experience with progressive managerial responsibility gained in a globally distributed enterprise environment.
Applied leadership experience overseeing security initiatives in a large, preferably global enterprise.
Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery.
Experienced with large IT Infrastructure and/or IT security projects, e.g. firewall deployment, NAC implementation, web proxy upgrade etc.
Prior experience with information security frameworks, secure network architecture and design, cloud computing, and secure application architecture/design.
Proven experience of leading a dispersed, multi-site team.
Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks.
Experienced in developing policies and procedures for identity and access management, security programs, security procedures, security standards, requirement definition, and project management plans.
Adept in creating business cases and user cases including the ramification of various system, network and application security decisions and recommendations.
Articulate with strong verbal and written communication skills including technical and non-technical audiences.
Preferred Skills
Experienced in working within a centralized/decentralized matrix business environment.
Knowledge of SEI’s CMMI model for secure software development.
Broad experience of conducting risk assessments including presenting recommendations to c-suite.