Director of Information Security

Category : Information Technology
Location/City : TX - Houston
Id : 38402

We are searching for a Director of Information Security — someone who works well in a fast-paced setting. In this position, you'll establish and maintain a corporate-wide information security management program to ensure that information assets are adequately protected. You'll also be responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.
Think you've got what it takes?
Job Duties & Responsibilities
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines
  • Oversee the approval, training, and dissemination of security policies and practices
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
  • Provide direction, support and in-house consulting for development and implementation plans and procedures for business continuity and disaster recovery
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
  • Develop and enhance an information security management framework including log management, review of controls, review of output from security monitoring applications and devices
  • Facilitate a metrics and reporting framework to measure the capability of the security framework
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Monitor the external threat environment for emerging threats

Skills & Requirements
  • Bachelor's Degree required in Computer Sciences/MIS
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
  • Ten to fifteen years of experience in a combination of risk management, information security and IT jobs
  • At least eight years must be in an information security role
  • At least five years in an IT leadership role — preferably in information security
  • Information Technology Infrastructure Library (ITIL) certification is preferred
  • Knowledge of Budgeting and Variance Analysis, Regulatory Standards/Regulations, Hospital operations and Data analysis

Let's Go!