TRISTAR is currently seeking a new member of the senior management team. This position will have broad functional responsibility across the full continuum for information security strategy and architecture. This will include defining the current information security strategy and clearly communicating the strategy across the business and technology teams.
Responsible for bridging the gap between corporate business process and policy directives and technical security measures.
- Understands systems, application development, Compliance and Risk Mitigation.
- Strong manager/leader of the corporate security function and security team.
- Clear vision of the future of corporate security.
- Experienced and comfortable reporting to the highest levels of management and the Board of Directors.
- Able to talk shop with leadership.
- Sophisticated understanding of costs and related benefits of program implementation.
- Understands and can be a leader / driver in program and project management within department.
- This individual must be able to execute security projects effectively and communicate clearly across the IT organization and to executives. Communication and collaborative execution are a CRITICAL component of this role.
The main responsibility is one of risk management, advising senior management about risks to the business due to the implementation of technology used in operations. Responsible for security policies, architectures, standards and enforcement. Primary role is to improve and manage global information security.
SPECIFIC RESPONSIBILITIES of Vice President of Information Technology Security
- Develop, implement and manage enterprise-wide, process- and business-risk-based information security strategies and the associated architecture, consistent with the overall corporate strategic plan. Develop and implement a comprehensive Security Program.
- Define, identify and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
- Manage the development and implementation of global security policy, including policies, standards and guidelines related to personnel, facilities, data security, disaster recovery and business continuity.
- Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
- Serve as enterprise focal point for computer security incident response planning, execution and awareness.
- Develop a process to review new facilities, applications and/or technology environments during the development or acquisitions process to ensure compliance with corporate security policies and directions.
- Develop and manage the information classification process.
- Develop and manage enterprise-wide functional and technical security architectures.
- Develop business cases rationalizing ROI in implementing effective Security Programs.
- Implement the Security Program’s risk and control framework and global IT Risk strategy and ensure early recognition of new IT developments and/or risks. Ensure that core IT processes meet business and regulatory control objectives.
- Provide support, coaching and consulting to new Security Program initiatives and projects to ensure alignment and compliance of these projects/initiatives with the Security Program risk and control framework.
- Ensure adherence through auditing and review of critical projects, applications and/or processes.
- Collaborate in a diverse, multi-region, complex, cross-functional environment.
- Develop and manage the information risk analysis, assessment and acceptance processes.
- Champion the program using a variety of change management tools.
- Advise business managers and technical personnel as to the implementation of the program in their respective areas.
- Act as the liaison between Internal Audit and IT; review all audit reports and responses to ensure timeliness and the effectiveness of the corrective actions.
- Act as liaison with the physical security department regarding overlapping information security issues, e.g., investigations, badge access as well as with HR regarding personnel issues related to information security; e.g., background checks for security-sensitive positions, terminations due to policy non-compliance.
- Consult with business units regarding their changing business and technical plans to ensure that information security issues are addressed early in a project's life and in the program.
- Consult with senior management in times of an information security crisis to ensure that the crisis is managed properly both internally and externally.
- Advise senior management of changes in the technical, legal and regulatory arenas affecting information security and computer crime. Identify and evaluate critical positions within the security function and establish strategies to develop a strong talent pool. Select, coach and develop talent including the use of performance management tools.
- Works with external IT security providers and software and hardware vendors.
EDUCATION AND EXPERIENCE
Bachelor’s Degree with a major in business, computer science or related field plus ten years of experience in a broad range of IT hardware and software disciplines or an equivalent combination of education and experience.
- Must possess depth of experience in infrastructure technology; preference is given to candidates who have managed this function.
- Desirable candidates have also had experience in systems development.
- At least five years of that experience must include responsibility for information security, occurring within the last 10 years. Successful candidates will have an audit and risk management orientation. Excellent communication, facilitation and writing
- Ability to interface with senior management
- Consensus builder, with results oriented commitment
- Business-based thought process with recognition that no policy or change can be successfully implemented without demonstrable business benefit
- Strong leadership, motivation and change management skills required.
- Project management skills must be highly developed.
- Must be able to provide a balance of strategic ability and hands-on tactical execution.
Attainment of one of the following certifications is required. Two or more certifications are preferred.
- CISSP – Certified Information Systems Security Professional
- SSCP – Systems Security Certified Practitioner