Thursday, February 02, 2017

Director Security Information Information Technology Christie's New York

Job Description:
The Information Security Director is responsible for the information security improvement programme, making recommendations to increase the security of Christie’s IT systems and confidential information, delivering agreed improvements and communicating changes to internal stakeholders and systems/data users.
Reporting to the Global Chief Information Officer in New York, the Information Security Director will be a key member of the global IT function. They will develop the action plan to implement our comprehensive information security strategy in order to ensure the confidentiality, integrity and availability of information in all media which is processed and stored across Christie’s global businesses. This role requires project and programme management of information security related projects, stakeholder management, strong communication skills and the development of training programs and information security solutions.
The postholder is responsible for implementing changes that will improve the overall security of Christie’s systems and information, including personal and other sensitive data held on systems and in other forms. Responsibilities will include raising awareness of information security across the organisation, ensuring regulatory and legal requirements are adhered to, monitoring the effectiveness of key information security controls and handling information security incidents.

Specific duties & responsibilities will include but are not limited to
Identify and analyze Christie’s information security risks, taking into account emerging threats, vulnerabilities and their impacts.
Advise the Data Protection Officer on confidential and sensitive information issues and non-compliance, and support adoption of new privacy legislation.
Design and implement a comprehensive suite of information security controls and risk mitigation options to address unacceptable risks and ensure that information security controls continue to meet Christie’s information security needs
Design, develop, publish and review information security policies, standards and procedures that follow and adhere to recognised industry standards.
Identify key business and IT stakeholders to jointly develop mitigation strategies and key controls, ensuring adequate risk management & escalation.
Carry out information security reviews, conduct risk assessments and perform compliance audits.
Provide internal consultancy to IT and business stakeholders across the organisation and chair internal information security meetings.
Design and implement security awareness programmes and ensure that all security documents and procedures are updated and lead training for end users.
Act as the authoritative escalation point for significant information security issues from across the organisation and perform appropriate security incident response and reporting activities, tracking all actions raised to ensure adoption of improved risk mitigation.
Review the information security aspects of business cases, project proposals, business requirements and internal and third party solution designs & system architectures.
Provide information and system security recommendations to the IT Infrastructure and Application development teams.
Present information security approaches and procedures to all relevant stakeholders up to and including exec level management.
Design, implement and own the Information Security Management System (ISMS).
Maintain knowledge of information security practices and technologies and related regulatory issues.
Manage any third-parties involved in information security monitoring
Working with internal and external auditors to document and confirm all security administrative duties are properly performed as well as demonstrate overall compliance.
Overseeing incident response planning as well as investigating security breaches, and assisting with disciplinary and legal matters associated with such breaches
Support data protection and data privacy compliance
Evaluating and benchmarking information security issues related to third parties in order to conform to the Division’s Vendor Management policy
The Candidate
CISSP and CISA certifications are required, as well as a minimum of 8 years' experience working in an Information Security capacity.
Experience in a similar senior information security role, preferably in retail or entertainment/media.
Ability to perform a gap analysis, or facilitate one with the use of a QSA, for PCI DSS compliance
Deep knowledge of PCI, PII, EU GDPR and Safe Harbour 2.0 is a must
Proven experience of carrying out compliance to recognised industry standards and of developing and maintaining relevant policies incorporating data protection and regulatory compliance requirements.
Experience of risk assessment and audit processes and techniques within information security.
Strong project management skills and use of MS Project or other PM tool. PMP certification strongly desired.
Experience in Internet, network and application security, as well as authentication, identity management and penetration testing technologies.
Broad understanding of advanced security protocols and standards. Must be able to interface with network engineers, DBAs, and other highly technical resources.
Experience with software and security architectures and an understanding of the principles of secure network design.
Working knowledge of forensic investigations and evidential requirements
Experience of managing external 3rd party cyber forensic investigators.
Experience of working with IT outsourcing/cloud based services.
Knowledge of enterprise-class ERP platforms: SAP, JDE, etc.
Working knowledge of other IT control frameworks, such as CobiT and ITIL/ITSM.
Strong experience in Microsoft technologies such as Windows, SQL Server, Exchange, and Office 365.
Positive understanding of anti-virus software, Firewalls and similar products.
Sound knowledge of generic software development lifecycle processes.
The successful candidate will have:
Excellent communication and influencing skills, able to clearly illustrate and communicate with all stakeholders, regardless of their technical knowledge and ability to ensure that information security policies, procedures and guidelines are understood and implemented across the business
Ability to explain business principles of secure system designs in terms of business risk to senior stakeholders in order to develop strategies, proposals and controls.
Ability to write and present complex, high quality documentation.
Excellent stakeholder management skills (up to Executive level)
Team player, able to work collaboratively with project stakeholders at all levels and demonstrate sound facilitation, negotiation and influencing skills.
Able to deal with ambiguity and simplify and solve problems using effective lateral and logical problem solving skills.
Demonstrate flexibility and be prepared to work across multiple concurrent tasks with varied responsibilities.
Highly motivated with the ability to work under own initiative, make sound decisions and take ownership of problems and deliver solutions
The Benefits

Comprehensive Medical, Dental and Vision care plans for employees and dependents (Generally Christie’s pays 80% of total premiums)
401k Savings Plan - Christie’s matches dollar for dollar on the first 5% an employee elects to contribute.
Life Insurance - 3x base salary up to $400k (100% paid by Christie’s)
Disability Insurance (100% paid by Christie’s)
Generous time-off and leave policies
Robust Wellness Program
Onsite weekly yoga class
Discounted and subsidized Gym Membership to Equinox, NYSC & NYHRC
Annual Performance Bonus plan
Commuter Benefits - Pre-tax money towards your daily commute with a Christie’s contribution of $21 per month
Back Up Child & Elder Care - Each employee receives up to 20 days of back-up Child or Elder Care through Bright Horizons
‘Art & Soul’ – Each employee receives one paid day per year to dedicate their time to a charity of their choice