Director, Information Security Job Description

Director, information security provides subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 17799, CobiT and ITIL.

Director, Information Security Duties & Responsibilities

To write an effective director, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included director, information security job description templates that you can modify and use.

Sample responsibilities for this position include:

Raise the level of security awareness within Russell and within organizations contracted to work with Russell
Anticipate and identify issues inhibiting the attainment of project goals
Facilitate audits and examinations by regulatory agencies
Work directly with business units to facilitate IT risk analysis and risk management processes
Collaborate with leaders and teams across the company to ensure our approach to security meets company cultural principles while achieving security requirements and objectives
Engage third party services providers to perform network penetration and vulnerability testing
Develop a Business Impact Analysis
Develop a Disaster Recovery testing program
Develop a Business Continuity Program
Perform Information Technology Risk Assessments to identify potential control gaps

Director, Information Security Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Director, Information Security

List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, GIAC, CEH, ITIL, OS, NIST, PMP

Education for Director, Information Security

Typically a job would require a certain level of education.

Employers hiring for the director, information security job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's or Master's Degree in Computer Science, Information Security, Engineering, Information Systems, Information Technology, Business, Management, Leadership, Technology, Communication.

Skills for Director, Information Security

Desired skills for director, information security include:

NIST
COBIT
Common information security management frameworks
Networking
ITIL
Firewalls
Incident management
Tools
ISO
PCI

Desired experience for director, information security includes:

Document control gaps and work with management to develop remediation action plans
Perform ongoing monthly follow up on issue remediation and report status to Internal Audit
Perform control assurance testing to better define control process narratives and identify potential control gaps
Certifications in CISSO, CISA, CISM a plus
Leverage information security experts and technology to support a secure infrastructure, secure applications, and overall data security
Develop, communicate and ensure compliance with organizational security policies and standards

Director, Information Security Examples

1

Director, Information Security Job Description

Job Description Example
Our company is growing rapidly and is looking for a director, information security. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for director, information security
  • Build and lead the security function
  • Partnering with agency employees and consultants to ensure understanding of and adherence to the Citywide Information Security Policies
  • Promptly reporting security incidents or significant security problems to the CIO
  • Acts as an advisor to the CIO regarding compliance with the Citywide Information Security Policies
  • Keep up to date on information security topics
  • Oversee the establishment and execution of information security training for the agency
  • Provide leadership in promoting information security into all appropriate agency business plans and overseeing execution, and especially ensuring that ACS Information Owners understand and execute their responsibilities appropriately
  • Establishing an information technology security awareness program to ensure all ACS employees understand and adhere to information technology policies and standards
  • Coordinate closely with those responsible for physical security within ACS
  • Continuously identifying, updating and maintaining information regarding potential security vulnerabilities, risk and threats to the enterprise information technology infrastructure, and distributing technology security information to appropriate staff
Qualifications for director, information security
  • Develop and oversee a set of metrics, reports and service-level agreements (SLAs) to govern the activities of internal and external service providers
  • Ensure that end-to-end business processes required to support security services are defined, executed and that continuous improvement is in place
  • Vendor relationship and contract management for 5-10 key security vendors, including development of a security vendor strategy
  • Establish and maintain key relationships with senior stakeholders within the technology community to ensure the effectiveness and value of architecture to the organization
  • Direct, motivate and develop key staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team
  • Serve as an expert advisor to senior and executive level management on issues of information security and data protection
2

Director, Information Security Job Description

Job Description Example
Our company is growing rapidly and is looking for a director, information security. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for director, information security
  • Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements
  • Advise senior management on risk levels and security posture
  • Collaborate with organizational managers to support organizational objectives
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
  • Communicate the value of IT security throughout all levels of the organization stakeholders
  • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance
  • Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization
  • Ensure security improvement actions are evaluated, validated, and implemented as required
  • Establish overall enterprise information security architecture (EISA) with the organization
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities, and recommend improvements
Qualifications for director, information security
  • Strong background with privacy frameworks
  • Proficient in security management with specific experience
  • Must have excellent verbal and written communication and listening skills due to high amount of interaction with HMH staff, clients, and external vendors
  • 15+ years of relevant experience, with a minimum of 7 years work experience in Intel gathering including vulnerability and threat modelling, identifying new sources and mitigating risks following Risk management strategies
  • Work with Managing Director to continuously enhance the Intel feeds and threat modeling and enhance security monitoring with new information
  • Data Analysis experience (eg
3

Director, Information Security Job Description

Job Description Example
Our company is looking to fill the role of director, information security. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for director, information security
  • Build tools for regular reporting on the effectiveness and metrics associated with the security program
  • Forecast ongoing service demands and ensure security assumptions are reviewed as necessary
  • Identify alternative information security strategies to address organizational security objectives
  • Identify IT security program implications of new technologies or technology upgrades
  • Interface with compliance officer to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information
  • Interpret and/or approve security requirements relative to the capabilities of new information technologies
  • Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise
  • Lead and align IT security priorities with the security strategy
  • Lead and oversee information security budget, staffing, and contracting
  • Manage the monitoring of information security data sources to maintain organizational situational awareness
Qualifications for director, information security
  • 7+ years in Information Security or a closely related field
  • Experience in managing regulated data environments
  • Familiarity with security technologies such as firewall, IDS, IPS, SIEM, DLP, and encryption
  • Requires Government Issued Secret (Level II) Security Clearance
  • Three or more years leading an Information Security Architecture and/or Engineering organization
  • Experience creating an information security architectural roadmap, gaining buy-in from within the team with key partners and stakeholders
4

Director, Information Security Job Description

Job Description Example
Our growing company is looking for a director, information security. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for director, information security
  • Manage threat or target analysis of Computer Network Defense information and production of threat information within the enterprise
  • Monitor and evaluate the effectiveness of the enterprise's IA security safeguards to ensure they provide the intended level of protection
  • Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cyber security policies
  • Oversee the information security training and awareness program
  • Provide leadership and direction to IT personnel by ensuring that IA security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities
  • Provide technical documents, incident reports, and findings from computer examinations, summaries, and other situational awareness information to Sr Management
  • Recommend policy and coordinate review and approval
  • Track audit findings and recommendations to ensure appropriate mitigation actions are taken
  • Establish recurring and long-range security and compliance goals and KPIs
  • Recruit and retain high-performing cybersecurity talent
Qualifications for director, information security
  • Deep understanding of information security best practices and industry trends
  • Work with the CTO and other IT leaders to oversee the formation and operations of a Company-wide information security program that is organized toward a common goal in information security
  • Deep technical understanding of and experience with security technologies including, but not limited to, identity & access management, intrusion detection, incident response, security operations, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development
  • Stay abreast of emerging security technologies and integrate them into security architecture as needed
  • Bachelor’s Degree from an accredited University preferably within Computer Science
  • Certified Information Systems Security Professional (CISSP) - (Must be Current)
5

Director, Information Security Job Description

Job Description Example
Our innovative and growing company is hiring for a director, information security. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for director, information security
  • Develop an incident response program and protocol
  • Provide a central utility and center of expertise for the enterprise key account teams, proposal teams and external customers to govern and manage information security requirements and requests, focusing on compliance with standards and best practices and continual process improvement
  • Serve as the point of contact for IRM as it relates to the account teams (Optum/UHC), Proposal Teams and external customers, including potential and existing business
  • Respond to existing customer inquiries around recent industry breaches and vulnerabilities
  • Manage, drive and track non-standard requests/agreements made with our customers, establish structure and process
  • Tracking and communication of external customer recommendations and requirements for IRM
  • Manage external customer expectations around security capabilities, ability for scans, testing, audit and annual review
  • Stay abreast of external and industry expectations of security transparency, reporting, and audit and report to IRM leadership
  • Produce metrics and reporting to monitor vulnerability remediation planning and execution
  • Serve as the business’s escalation channel for IRM concerns and issues related to external customers
Qualifications for director, information security
  • 5+ years working in IT Risk or Audit
  • Oversee the delivery of a portfolio of enterprise security services across a wide range of security domains and service providers
  • Develop plans for implementation of the information security strategy and oversee the implementation of security road maps through investment allocation and prioritization of security activities
  • Direct and lead multiple projects and initiatives related to enterprise-wide information security improvement efforts
  • Lead and govern the execution and delivery of security services resulting in solutions that are aligned to enterprise architecture visions and strategies
  • Bachelor's Degree in Technology or related field or equivalent
  • Or Master’s Degree in Computer Science, Information Systems, or other related
