DIRECTOR, CYBERSECURITY GOVERNANCE AND STRATEGY

at TalentBridge
Location Riviera Beach, FL
Date Posted November 28, 2019
Category Default
Job Type Contract to Hire

Description

The Cybersecurity organization manages the data protection strategies for the global enterprise. This is accomplished through the development, implementation, and administration of programs that help address compliance requirements under international, federal and industry standards, while protecting stakeholders and related information. The Director of Security Governance and Strategy serves as a senior leader within our Client’s Cybersecurity organization. This role will partner in defining an enterprise cyber risk strategy and provide risk management oversight; contribute to the establishment of an enterprise-wide cyber security policy framework and minimum standards; inform and execute enterprise-wide cyber security compliance through controls definition and assessment and process oversight; and ensure cyber security operational effectiveness through cyber security KPI selection and performance assessment, and oversight of employee awareness and training programs. Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the global enterprise. Reporting to the CISO, this position is responsible for leading and implementing information security strategy, governance, and planning for our Client and for developing enterprise capabilities for security strategy, policy management, security risk management, security awareness, enterprise cybersecurity governance, audits, product security risk management, business management office and customer/business outreach. This role would also be responsible for the Identity and Access Management (IAM) program oversight and execution.

KEY RESPONSIBILITIES

  • Prepare and present business-oriented cyber risk management communication to leaders, including to senior executives. Communication may also extend to risk management presentations to industry and government forums
  • Lead and oversee the process for identifying and routinely re-evaluating principal information and cybersecurity risks, as aligned to the primary business functions and business areas, including medical devices and manufacturing, of the global enterprise. This critical responsibility establishes the foundation for global information risk management, guiding the overall approach to setting priorities and allocating risk management capital and human resources
  • Define and develop Information Security policies and standards using industry best practices and frameworks, in alignment with business needs and other business and IT/Digital policies
  • Lead a coordinated strategy for the design and implementation of programs for evaluating new and emerging risks. These include cloud, mobile, analytics, social and third-party risks
  • Oversee identification, management and protection of data in accordance with its value and risk, and its retention pursuant to applicable business, legal and regulatory requirements
  • Develop strong relationships and work with business counterparts, and other Business and Technology teams in defining the information security strategy and governance processes
  • Ensure that an appropriate system of controls is in place and that the requisite level of compliance, commensurate with risks, is implemented throughout the global enterprise; partner with Legal and others to identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Build a reputation of collaboration with all Cybersecurity Towers to ensure that the overall security strategy and annual goals are accomplished
  • Understand the IT environment and work with the appropriate business units to make risk-based decisions; identify, manage and mitigate security risks
  • Participate in the acquisition due diligence process by assessing risks associated with potential acquisitions and working with third-parties to execute due diligence and remediation programs
  • Identify and appropriately deliver on continual improvement opportunities for the services being delivered by the Cybersecurity organization

HR RESOURCE STRATEGY

  • Design, implement and manage the human resource strategy for the Cybersecurity team, including succession planning, career path progression planning, leadership development, skill benchmarking, and resource prioritization and optimization for staff and a third-party service workforce
  • Organize and oversee the performance of the Security Governance team; conduct performance evaluations and provide feedback in accordance with our Client’s HR policies

QUALIFICATIONS

  • 13-15+ years of information and cybersecurity-related experience focused on security strategy, governance, and information security risk management
  • 12+ years of experience managing information security teams of 10+ resources and working in a high client/business interaction environment
  • Experience setting information security strategy and developing security policies and governance requirements
  • Experience managing large cybersecurity programs such as Identity and Access Management (IAM)
  • Demonstrated experience engaging senior leadership across a global organization to communicate and facilitate business-oriented risk management goal setting and decision making
  • Demonstrated experience with information risk management frameworks, including practical approaches to tailoring framework implementations to meet business needs
  • Demonstrable knowledge of applicable laws and regulations including Sarbanes-Oxley (SOX) and GDPR, as well as quality regulations and guidelines
  • Demonstrable knowledge of Information Security frameworks, including but not limited to: the IT Infrastructure Library (“ITIL”), Control Objectives for Information and Related Technology (“COBIT”), ISO 27001, the NIST Cybersecurity Framework, etc.
  • Possession of industry certifications highly preferred, including but not limited to: Certified Chief Information Security Officer (C|CISO), Certified Information Systems Security Professional (“CISSP”), Certified Information Systems Auditor (“CISA”), Certified Information Security Manager (“CISM”), Information Systems Security Management Professional (“ISSMP”), and Systems Security Certified Practitioner (“SSCP”)