Job: Director, IT Security

The Director of Information Security reports to the CIO and is responsible for establishing and maintaining a corporate wide security program to ensure that information assets are adequately protected. The person in this position is responsible for identifying, evaluating, and reporting on security risks in a manner that meets compliance and regulatory requirements. The Director of Information Security also serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customers, business partners, employees, and business information in compliance with the organization's information security policies.

The Director of Information Security will proactively work with business units to implement practices that meet defined policies and standards for security. A key element of this role is working with executive management, Internal Auditing, and Corporate Compliance to determine acceptable levels of risk for the organization. The Director of Information Security must be highly knowledgeable about the business environment and must ensure that information systems are maintained in a fully functional, secure mode.

This position requires a visionary leader with strong skills in technology and business management. The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, an effective consultant, and should possess solid domain competency in the field of information security by having eight to 10 years of direct experience in a significant leadership role.

Requirements and Qualifications:

Minimum of eight to 10 years leadership experience in a combination of risk management, information security, and IT jobs.

Expertise in security compliance requirements under the ISO/IEC 27000 series (including 27001, 27002, 27005 and 27006) and Payment Card Industry Data Security Standards (PCI-DSS) for merchants and service providers.

CISSP and/or CISM certifications required.

Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.

Must be a critical thinker with strong problem-solving skills.

Knowledge of technological trends and developments in the area of security and risk management.

Project management skills; financial/budget management, scheduling and resource management.

Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.