Director of Information Security
The Director of Information Security is an executive-level role responsible for implementing, monitoring, and improving the client’s information security program, which includes governance, compliance, risk, and testing activities. This role will direct IT initiatives by providing cybersecurity resources and leveraging deep knowledge of industry best practices and regulatory requirements.
Essential Job Duties & Responsibilities:
•Leads the development and execution of the information security strategy and programs to ensure the integrity, confidentiality, and availability of assets and information owned, controlled, or processed by the client
•Provides expert guidance to the client’s Executive Leadership, the Board of Directors, and service line managers in IT information security matters
•Directs the development of enterprise-wide information security designs, advises on research and development, and recommends architectural policies and practices for current and future initiatives from definition phase through implementation
•Drives continuous improvement of the information security program by identifying risk, recommending improvements, automating alerts and remediation, and communicating with other IT functions
•Defines, documents, and manages a cyber incident response plan, including periodic testing, to ensure organizational readiness in the event of a cybersecurity incident
•Directs investigations and coordinates the handling and resolution of security breach incidents
•Coordinates information security metrics collection and provides analysis and reporting of collected metrics
•Proactively monitors the organization’s network and computing environment, including periodic risk assessments of third-party partner and vendor environments, to ensure appropriate controls are in place to protect shared assets
•Possesses and maintains up-to-date knowledge of current technology, trends, attacks, and risk mitigation techniques, and maintains an awareness of federal and state IT security laws, rules, and regulations
•Responsible for initiating companywide training and communications plans and programs, which include security awareness, security training, security training compliance, security reminders, and new hire security orientation
•Is expected to maintain appropriate skillsets through training or certification and to apply such training regularly and effectively in the performance of the position
Experience Needed:
•Minimum 10+ years of experience in an IT security or information compliance and risk management focused role in banking, financial, healthcare or similarly regulated industry
•7+ years of experience managing IT resources including oversight of data centers
•Familiarity with software and vendors such as Jack Henry, Secureworks, and RSM
Education & Certification Needed:
•Bachelor’s Degree in a technology-related program required; MS preferred
•CISSP required
•CISM a plus
Location:
•Omaha, Nebraska
•Onsite and local preferred; hybrid accommodation may be considered for the right individual.
Sponsorship is not available for this specific position.
Capstone IT is an EEO employer
Capstone website: http://www.capstonec.com/