Director of Information Security

$135,000 - $155,000/Yr

Inb Co.Ltd - Springfield, IL

posted about 1 month ago

Full-time - Senior
Springfield, IL

About the position

The Director of Information Security will oversee and manage compliance-related activities, security infrastructure, and operational security monitoring within the organization. This role is crucial for maintaining a strong security posture by adhering to relevant frameworks, managing risk, and effectively responding to security incidents. The ideal candidate will possess a robust background in compliance management and security infrastructure, focusing on implementing and maintaining security tools and frameworks.

Responsibilities

  • Maintain business continuity plans to ensure organizational resilience.
  • Conduct risk assessments and manage risk mitigation strategies to protect organizational assets.
  • Manage and enforce security policies, standards, and procedures in line with industry standards.
  • Lead the organization's incident response efforts, ensuring timely and effective resolution.
  • Oversee change management processes to ensure that security impacts are assessed and managed.
  • Continuously monitor security operations to identify and address potential threats and verify that controls operate effectively.
  • Manage identity and access controls to safeguard sensitive information.
  • Participate in external audits, ensuring compliance with regulatory requirements.
  • Implement and track remediation efforts for audit findings to ensure compliance and security.
  • Assess and manage third-party vendors to ensure they meet security requirements.
  • Deliver security awareness training programs to educate employees on best practices.
  • Ensure compliance with key frameworks, including NIST 800-53 and NIST CSF, and with regulations such as GLBA.
  • Manage and configure data loss prevention solutions to protect sensitive data.
  • Oversee the management of email security solutions to prevent phishing and other email-based threats.
  • Manage the SIEM system and vendors, including ongoing data onboarding, SOC management, and incident handling.
  • Manage endpoint protection solutions to safeguard the organization's assets.
  • Conduct vulnerability assessments and provide recommendations for remediation.
  • Monitor and manage data access, ensuring that sensitive data is properly secured.
  • Continuously monitor security operations to detect and respond to security incidents.
  • Lead, mentor, and develop a team of IT professionals, fostering a collaborative and productive work environment.
  • Set clear objectives and manage team performance to meet organizational goals.
  • Coordinate with cross-functional teams to ensure seamless integration and support of IT initiatives.
  • Facilitate regular team meetings to align on priorities, share knowledge, and address challenges.
  • Provide guidance and support to team members on technical issues, career development, and performance improvement.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent work experience.
  • At least 5 years of experience in information security, compliance, or a related field.
  • Strong understanding of NIST frameworks (NIST 800-53, NIST CSF).
  • Experience managing information security compliance programs and conducting risk assessments.
  • Excellent problem-solving skills and the ability to work both independently and as part of a team.
  • Ability to effectively respond to security incidents.
  • Strong communication skills, with the ability to convey complex security concepts to non-technical stakeholders.
  • Relevant certifications such as CISSP, CISM, or CRISC.

Nice-to-haves

  • Familiarity with ITIL practices and regulatory compliance.
  • Experience with hybrid cloud environments.