Director of Information Security

$165,000 - $175,000/Yr

The Bonadio Group - Rochester, NY

posted about 1 month ago

Full-time - Senior
Rochester, NY
Administrative and Support Services

About the position

The Director of Information Security at The Bonadio Group is responsible for leading and managing the firm's information security strategies, initiatives, and operations. This role is crucial for protecting digital assets, ensuring compliance with regulatory requirements, and promoting a culture of cybersecurity awareness within the organization.

Responsibilities

  • Develop, implement, and maintain a comprehensive information security strategy aligned with organizational goals.
  • Establish and enforce policies, procedures, and guidelines to ensure information security and data privacy.
  • Identify, assess, and mitigate security risks across the organization's IT infrastructure.
  • Conduct regular risk assessments, vulnerability scanning, and penetration testing to identify vulnerabilities.
  • Work with the Chief Risk Officer to implement risk mitigation plans and corrective actions.
  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, CCPA, HIPAA, SOC-2, ISO 27001, NIST & Zero Trust frameworks).
  • Manage relationships with regulatory bodies and auditors.
  • Develop and maintain an incident response plan to address and mitigate security breaches and cyberattacks.
  • Lead the investigation and resolution of security incidents, including post-incident analysis and reporting.
  • Build and lead a high-performing information security team, including recruitment, training, and mentorship.
  • Foster a culture of security awareness across all levels of the firm through training and communication.

Requirements

  • Accredited BS/BA degree in Information Security, Information Technology or equivalent.
  • At least 10 years of experience in information security, with at least five years in a leadership role.
  • Knowledge of cybersecurity and information security regulations applicable to The Bonadio Group (HIPAA, NY SHIELD, NIST).
  • Relevant certifications such as CISSP, CISM, CISA, or equivalent.
  • Knowledge of information security frameworks, technologies, and best practices.
  • Proven experience in risk management, compliance, and incident response.
  • Ability to travel to various firm offices.

Benefits

  • Flexible work hours
  • Mentoring and training programs
  • Diversity of work
  • Path to Partnership