Director, Information Security Job Description
Director, Information Security Duties & Responsibilities
To write an effective director, information security job description, begin by listing detailed duties, responsibilities and expectations. We have included director, information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Director, Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Director, Information Security
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, GIAC, CEH, ITIL, OS, NIST, PMP
Education for Director, Information Security
Typically a job would require a certain level of education.
Employers hiring for the director, information security job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Engineering, Information Systems, Information Technology, Business, Management, Leadership, Technology, Communication.
Skills for Director, Information Security
Desired skills for director, information security include:
Desired experience for director, information security includes:
Director, Information Security Examples
Director, Information Security Job Description
- Build and lead the security function
- Partnering with agency employees and consultants to ensure understanding of and adherence to the Citywide Information Security Policies
- Promptly reporting security incidents or significant security problems to the CIO
- Acts as an advisor to the CIO regarding compliance with the Citywide Information Security Policies
- Keep up to date on information security topics
- Oversee the establishment and execution of information security training for the agency
- Provide leadership in promoting information security into all appropriate agency business plans and overseeing execution, and especially ensuring that ACS Information Owners understand and execute their responsibilities appropriately
- Establishing an information technology security awareness program to ensure all ACS employees understand and adhere to information technology policies and standards
- Coordinate closely with those responsible for physical security within ACS
- Continuously identifying, updating and maintaining information regarding potential security vulnerabilities, risk and threats to the enterprise information technology infrastructure, and distributing technology security information to appropriate staff
- Develop and oversee a set of metrics, reports and service-level agreements (SLAs) to govern the activities of internal and external service providers
- Ensure that end-to-end business processes required to support security services are defined, executed and that continuous improvement is in place
- Vendor relationship and contract management for 5-10 key security vendors, including development of a security vendor strategy
- Establish and maintain key relationships with senior stakeholders within the technology community to ensure the effectiveness and value of architecture to the organization
- Direct, motivate and develop key staff, maximizing their individual contribution, their professional growth and their ability to function effectively with their colleagues as a team
- Serve as an expert advisor to senior and executive level management on issues of information security and data protection
Director, Information Security Job Description
- Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements
- Advise senior management on risk levels and security posture
- Collaborate with organizational managers to support organizational objectives
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
- Communicate the value of IT security to stakeholders throughout all levels of the organization
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance
- Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization
- Ensure security improvement actions are evaluated, validated, and implemented as required
- Establish overall enterprise information security architecture (EISA) with the organization
- Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities, and recommend improvements
- Strong background with privacy frameworks
- Proficient in security management with specific experience
- Must have excellent verbal and written communication and listening skills due to high amount of interaction with HMH staff, clients, and external vendors
- 15+ years of relevant experience, with a minimum of 7 years work experience in Intel gathering including vulnerability and threat modelling, identifying new sources and mitigating risks following Risk management strategies
- Work with Managing Director to continuously enhance the Intel feeds and threat modeling and enhance security monitoring with new information
- Data Analysis experience (eg
Director, Information Security Job Description
- Build tools for regular reporting on the effectiveness and metrics associated with the security program
- Forecast ongoing service demands and ensure security assumptions are reviewed as necessary
- Identify alternative information security strategies to address organizational security objective
- Identify IT security program implications of new technologies or technology upgrades
- Interface with compliance officer to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information
- Interpret and/or approve security requirements relative to the capabilities of new information technologies
- Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise
- Lead and align IT security priorities with the security strategy
- Lead and oversee information security budget, staffing, and contracting
- Manage the monitoring of information security data sources to maintain organizational situational awareness
- 7+ years in Information Security or a closely related field
- Experience in managing regulated data environments
- Familiarity with security technologies such as firewall, IDS, IPS, SIEM, DLP, and encryption
- Requires Government Issued Secret (Level II) Security Clearance
- Three or more years leading an Information Security Architecture and/or Engineering organization
- Experience creating an information security architectural roadmap, gaining buy-in from within the team with key partners and stakeholders
Director, Information Security Job Description
- Manage threat or target analysis of Computer Network Defense information and production of threat information within the enterprise
- Monitor and evaluate the effectiveness of the enterprise's IA security safeguards to ensure they provide the intended level of protection
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cyber security policies
- Oversee the information security training and awareness program
- Provide leadership and direction to IT personnel by ensuring that IA security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities
- Provide technical documents, incident reports, and findings from computer examinations, summaries, and other situational awareness information to Sr Management
- Recommend policy and coordinate review and approval
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken
- Establish recurring and long-range security and compliance goals and KPIs
- Recruit and retain high-performing cybersecurity talent
- Deep understanding of information security best practices and industry trends
- Work with the CTO and other IT leaders to oversee the formation and operations of a Company-wide information security program that is organized toward a common goal in information security
- Deep technical understanding of and experience with security technologies including, but not limited to, identity & access management, intrusion detection, incident response, security operations, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development
- Stay abreast of emerging security technologies and integrate them into security architecture as needed
- Bachelor’s Degree from an accredited University, preferably within Computer Science
- Certified Information Systems Security Professional (CISSP) - (Must be Current)
Director, Information Security Job Description
- Develop an incident response program and protocol
- Provide a central utility and center of expertise for the enterprise key account teams, proposal teams and external customers to govern and manage information security requirements and requests, focusing on compliance with standards and best practices and continual process improvement
- Serve as the point of contact for IRM as it relates to the account teams (Optum/UHC), Proposal Teams and external customers, including potential and existing business
- Respond to existing customer inquiries around recent industry breaches and vulnerabilities
- Manage, drive and track non-standard requests/agreements made with our customers, establish structure and process
- Tracking and communication of external customer recommendations and requirements for IRM
- Manage external customer expectations around security capabilities, ability for scans, testing, audit and annual review
- Stay abreast of external and industry expectations of security transparency, reporting, and audit and report to IRM leadership
- Produce metrics and reporting to monitor vulnerability remediation planning and execution
- Serve as the business’s escalation channel for IRM concerns and issues related to external customers
- 5+ years working in IT Risk or Audit
- Oversee the delivery of a portfolio of enterprise security services across a wide range of security domains and service providers
- Develop plans for implementation of the information security strategy and oversee the implementation of security road maps through investment allocation and prioritization of security activities
- Direct and lead multiple projects and initiatives related to enterprise-wide information security improvement efforts
- Lead and govern the execution and delivery of security services resulting in solutions that are aligned to enterprise architecture visions and strategies
- Bachelor's Degree in Technology or related field or equivalent
- Or Master’s Degree in Computer Science, Information Systems, or other related