At Crestron Electronics, Inc we build the technology that integrates technology.
We are proud to be the largest and most recognized brand in automation and control solutions, and the premier technology partner for fortune 500 businesses globally.
Our products’ are integrated into new high-tech commercial buildings’ to include some of the most exciting real estate throughout the world. Our clients include Google, Microsoft, Amazon, LinkedIn and many others. We are the leaders in one of the most exciting and fastest growing industries in the world!
Our automation and control solutions for homes and buildings allow our clients to control entire environments with the push of a button, integrating systems such as Audio Visual, Lighting, Shading, Security, Building Management Systems and HVAC to provide greater comfort, convenience and security.
The Director of IT Security will be the most senior information security executive in the company and will be a key member of the leadership team, playing a critical role in securing the organization globally. This individual will be a proven dynamic leader who will lead the continuing evolution of a best-in-class global, enterprise wide information security program that operates as an enabler to the business. S/he will provide high quality information security, compliance, governance and regulation and IT securityrisk management strategy and services to enable delivery of solutions and services to the business. The Director of IT Security will provide innovative and scalable capabilities, services and consulting to stakeholders in support of preventive data security posture.
Reporting to the Chief Information Officer (CIO), the Director of IT Security is viewed as an integral member of the management team and an important change agent in the organization.
Desired areas for change and improvement include, but aren't limited to, the following:
- Security Architecture: Defining and refining the organization structure including roles, responsibilities and accountabilities for services related to your area.
- Identity & Access Management: Transforming the architecture and identity & access management capabilities. In addition to the Company's thousands of associates globally, identity & access management responsibilities transcend to several million partners and customers globally that transact business with the Company through our Partner and Service Portals, our Web sites, mobile applications and web site. Our business is digital, and therefore the strategy of authentication, identification, related measurements and services are important enablers to optimizing our service to our end users.
- Security Posture in a Digital Environment: IT Security is increasingly important and strategic to our business and to our customers. As the leader of IT Security, the Director of IT Security will be integrated into the Company's business as it evolves to be more digitally enabled with advanced services and solutions. Our security posture, compliance with NIST, ISO and other security system frameworks is important to the company and to Executive management. As our business and digital strategies evolve, cyber, product and information security become more critical to maintaining shareholder value and customer trust.
Specific responsibilities will include:
- Develop and implement strategy, functions and metrics to manage cyber and information securityrisk across the Company globally.
- Determine which functions to outsource and which functions to insource along with implementing these decisions.
- Create and chair a Security Governance Council, a council of leading executives inside the company who collaborate to set direction and implement decisions, directions, and projects necessary to protect the company internally as well as externally in our marketplace.
- Meet and communicate effectively with the Executive management on security topics and ensure that our risks are known and openly discussed, and that action plans are in place to mitigate key risks.
- Manage Security vendor relationships and optimizing value from these relationships. Promote and advance a culture of continuous improvement.
- Establish and maintain a culture of people development, teaching the team how to manage talent more strategically, with succession plans, people development plans and accountability for follow through.
- The ideal candidate will be a seasoned security & technology leader with demonstrated experience developing and leading a world-class, enterprise-wide information security & risk management program within a technology-driven company operating in a multi-national environment.
- The ideal candidate will have 10+ years of experience that includes designing and implementing an enterprise information security strategy and program; s/he will demonstrate industry leading security innovation skills and have an eye towards understanding the threat environment from a preventative and proactive posture.
Specific desiredqualifications & experience include:
- Minimum of 8 to 10 years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker, with strong problem-solving skills.
- Knowledge and understanding of relevant regulatory requirements.
- Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials, is desired.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST CSF’s.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
Bachelor of Science degree preferred. An MBA a plus