Director of IT Security & Compliance at CareerBuilder

Posted in Other 12 days ago.

Location: Nashville, Tennessee

Job Description:


Primary Responsibilities

The Director of IT Security and Compliance serves as the process owner of all activities related to the availability, integrity and confidentiality of client, Firm and employee information, in compliance with the organization's information security policies. This position is responsible for establishing and maintaining a firm-wide information security management program to ensure that information assets are adequately protected. The position is being established to ensure we cultivate a security-conscious workplace culture throughout our firm.

This role is responsible for creating, implementing, managing, and enforcing IT security and IT compliance strategies and policies relating to information security, physical security, business continuity planning, crisis management, privacy, and compliance. This position works closely with senior leadership in IT and Risk Management to establish security and compliance practices, oversee day-to-day matters relating to security and compliance, and to address any security or compliance related challenges.

* Develop, implement and oversee an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives.

* Develop and oversee effective business continuity and disaster recovery policies and standards for IT systems.

* Coordinate the development and implementation of incident response plans and procedures and manage the lifecycle review of related documentation and processes.

* Oversee the development and testing of a comprehensive incident response plan to ensure business-critical services are recovered in the event of a security event.

* Provide proactive reporting on the status of our information security program and regular threat briefings to enterprise risk teams, senior business leaders and the Board.

* Ensure that access to systems and information is governed by strong identity and access management protocols.

* Collaborate with Risk Management to develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.

* In conjunction with Risk management, develop and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.

* Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.

* Oversee security and compliance planning and implementation for new or existing enterprise system(s) and ensure that the design of hardware, operating systems and software applications adequately address security and compliance controls.

* Ensure that information security requirements are included in all vendor contracts.

* Lead a team of security professionals who are results-oriented and who maintain appropriate certifications and a relevant skill set.


* Minimum of seven to 10 years of experience in a combination of risk management, information security and IT (at least five must be in a senior leadership role).

* Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting relationships exist.

* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

* Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.

* Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs.

* Poise and ability to act calmly and competently in high-pressure, high-stress situations.

* Must be a critical thinker, with strong problem-solving skills.

* Knowledge and understanding of relevant international legal and regulatory requirements.

* Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

* Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

* High level of personal integrity, as well as the ability to handle confidential matters professionally and to show an appropriate level of judgment and maturity.

Pillsbury Winthrop Shaw Pittman LLP is an Equal Opportunity Employer.