CyberSecurity & IT Jobs from the Boardroom to the S.O.C.



IT Director for Information/Cyber Security

Added 2018-09-16 15:45:11


Main Purpose:
The IT Director of Information/Cyber Security will be responsible for overall strategy and execution in establishing and maintaining an enterprise-wide, cost-effective information security program to ensure that all information assets for corporate, regions and retail are protected. Work in partnership with company leaders to advance the information security needs of the company.

Responsibilities will include development of a strategic security roadmap; identifying, evaluating, reporting on, and mitigating information security risks in a manner that meets internal, compliance and regulatory requirements; and responding to incidents that may occur. Ability to partner with constituents throughout the company to achieve strategic goals and ensure the appropriate balance is achieved between risk and controls. Must possess strong influencing skills to educate and shift the security tolerances of the company, executives, employees, vendors and franchises.
Core Accountabilities:
  • Responsible for the development and implementation of CPI Card Group’s Information Security Governance, Risk and Compliance program
  • Establish CPI Card Group security policies and enforcement
  • Responsible for the day-to-day Security Operations for CPI Card Group including Vulnerability Scans, Penetration tests, Incident Management, SIEM Management, etc.
  • Develop and coordinate the implementation of periodic risk assessments of networked assets that identify vulnerabilities. Recommend the best methodology to mitigate identified vulnerabilities.
  • Responsible for supporting the timely and successful PCI Certification annually
  • Coordinate, document and report on investigations of internal or external security incidents. Prepare post mortem analyses of information security breaches, violations, and incidents and document corrective and preventive action plans.
  • Provide consulting services to various technology stakeholders to design security controls that ensure the confidentiality, integrity and availability of information utilized throughout the company’s portfolio of business and production applications.
  • Analyze and facilitate the selection of security software, hardware and other technology controls.
  • Support regulatory and corporate compliance initiatives as they pertain to information and content assets.
  • Support, communicate, reinforce and defend the mission, values, philosophy and culture of the organization.
  • Perform other duties as required.

Key Outputs/Results:
1. A well-designed Information Security Program and supporting roadmap designed to mitigate the key risks to CPI Card Group business
2. Critical analytics and metrics in business facing formats and presentation
3. Successful remediation of vulnerabilities to support the delivery of annual PCI ROC on time
4. Become a trusted advisor, build collaborative relationships with Regional IT teams, partner corporate IT teams, key internal business partners and critical vendor/partners
5. Delivery of projects and services aligned with CPI Card Group Business Strategy and IT Strategy
6. Development and management of clear escalation and notification paths for critical security incidents and issues
7. Develop good relationships with key service providers and technology partners
8. Global IT solutions successfully delivered in region to cost, schedule and meeting strategic business requirements
9. Work with business partners to understand evolving security risks

Essential Knowledge:
  • University degree or equivalent work experience
  • Experience in at least 3 of the following areas:
      • PCI Compliance within the context of Business as Usual (BAU)
      • Threat Intelligence & Vulnerability Management
      • Security Awareness
      • Third-party Service Provider Assurance
      • Policy & Procedure Documentation
  • Good business acumen
  • Experience working with Managed Service Partners
  • Strong knowledge across a broad set of infrastructure solutions/concepts including Cloud Computing, SAN Storage, Desktop computing, WAN and LAN concepts
Technical Skills:
  • 10+ years as senior IT leader
  • 7+ years as an InfoSec leader/Manager
  • Computer Science or Business Administration degree preferred
  • Certified Information Systems Security Professional
  • Certified in or have demonstrable experience with ISO27001/27002/27005
  • PCI DSS and SOX experience highly desirable
  • Strong familiarity with DNS and TCP/IP networking
  • Strong problem solving ability
  • Strong written and oral communication skills
  • Proven analytical and problem-solving abilities
  • 6-8 years of experience as IT Security Engineer or Security Analyst with specific experience in the following:
      • Log/event monitoring and management
      • Anti-Virus and Malware remediation
      • Mobile security
      • Application Whitelisting
      • Pen Testing
      • Firewalls
      • System hardening and patch management
      • Security policy creation, implementation and auditing
      • Retail/POS environments
  • Experience working in a team-oriented, collaborative environment
  • Knowledge of the Software Development Life Cycle (SDLC)
  • Retail experience desirable
  • 5+ years of relevant audit, information risk, security, or compliance experience preferred.
  • Experience with managed service partners is a plus
  • Certification preferred: GIAC, SSCP, CISSP, CISA, CISM, CRISC, PMP
  • Must be able to effectively communicate technical information to both technical and non-technical personnel.
  • Strong customer and relationship management skills
  • Strong supplier management skills
  • Strong organizational adaptation/change management skills
  • Strong project management skills
Successful Experience:
  • Strategic development of security program, policies, procedures and work instructions
  • Experience in a security engineer or security architecture role desired
  • Proven expertise working with managed service providers.
  • Working knowledge of firewalls and their associated policies.
  • Training and experience working with anti-virus, web filtering, SIEM, IDS, IPS, endpoint security and vulnerability scanning tools.
  • Thorough knowledge of computer forensic tools and procedures.
  • Knowledge of vulnerability management and exploit analysis tools
  • Knowledge of networking technologies, common protocols and services and related security issues
  • Knowledge of Security Frameworks: NIST, ISO/IEC 27001, PCI-DSS, etc.
  • Knowledge of Windows and Linux operating systems
  • Comfortable interfacing with other internal or external organizations regarding risk and compliance findings.
  • Retail experience desired
  • Experience working with PCI and SOX Compliance environments
  • Strong Technical Security skills
  • Strong technical decision making skills
  • Very capable strategic thinker
  • Very strong relationship management skills
  • Self starting with very strong drive for results
  • Excellent communicator
  • Customer focus
  • Commercial awareness

Specific details

Employment Type: Full time
Degree: 4 Year Degree
Salary Range: ---


Colorado, United States, North America

