The Director of Corporate Information Security (DCIS) develops and maintains enterprise security and risk policies, oversees internal and vendor risks, and influences user behavior. The DCIS is responsible for managing risk relating to information security, physical security, business continuity planning, crisis management, privacy, and compliance. The role also directs the adoption and implementation of policies and procedures across the enterprise.
Essential Responsibilities and Accountabilities
- Sets usage and security policies for information being shared on internal or external platforms.
- Creates and maintains an information security awareness program to customize communication tools and campaigns.
- Facilitates meetings and relationships that bring together key security and risk stakeholders to develop and review enterprise security and risk strategies.
- Manages responses and IT activities related to internal and external security audits as well as RFP or customer security-related questionnaires.
- Coordinates business continuity planning efforts across business units and shared services groups.
- Negotiates through understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with recommended risk investments.
- Expert level skills required:
  - Information Policy Formation
  - Information Security Management
  - IT Standards, Procedures, and Policies formation
  - Business Risk Management
- Fully competent level skills required:
  - Business strategy formation
  - IT Risk Assessment & Management
  - IT Business Continuity Management
  - IT Governance Formulation
  - Stakeholder Management
- Working knowledge level skills required:
  - IT Financial Management
  - IT Audit
  - Team Management
Educational & Experience Minimum Requirements
- Bachelor’s degree in computer science, management information systems, business administration or related discipline desired; work-related experience will be considered in place of degree.
- More than eight years of professional experience in information security analyzing and applying information security, risk management, and privacy practices.
- Experience in strategic planning, budgeting, and allocation.
- Knowledge of national and international regulatory compliance requirements and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
- While performing the duties of this job the employee will work in an office environment.
- The employee must occasionally lift and/or move up to 25 pounds.