
Director of Information Security (DIS)

Babel Street Starkville, MS
  • Expired: over a month ago. Applications are no longer accepted.

The Director of Information Security (DIS) is responsible for establishing and maintaining the information security program to ensure information assets and associated technology, applications, systems infrastructure, and processes are adequately protected.

The DIS is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets (data, networks, applications, and people), while supporting and advancing business objectives. The DIS must be knowledgeable about both internal and external business environments and ensure that information systems are governed and maintained in a fully functional and secure mode.

The DIS will create and own the security policy, setting the tone for the security program and practices. He/she will be accountable for the content of the security policy and will have a collaborative approach with internal business compliance groups. The DIS will identify applicable regulations and the status of regulatory compliance on the practice of information security. The DIS will reveal and quantify third-party exposure and will employ protections accordingly. The DIS is expected to use a vast array of functions, processes, and procedures to measure the maturity of cybersecurity and risk management, and it is critical to provide a clear understanding of security goals and risk management objectives. A function of the position is to continually measure and manage cyber risk and to establish and cultivate a risk management program.

Responsibilities:

  • Facilitate an information security governance structure

  • Provide regular reporting on the current status of the information security program to senior business leaders as part of a strategic enterprise risk management program

  • Create and manage a targeted information security awareness training program for all employees and contractors and establish metrics to measure the effectiveness of this security training program

  • Provide clear risk mitigating directives for projects with components in IT, including mandatory application controls

  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach

  • Develop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled and/or processed by the organization

  • Develop and enhance an up-to-date information security management framework

  • Develop and maintain a document framework of continuously up-to-date information security policies, standards, and guidelines

  • Create a framework of roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets

  • Coordinate with the architecture team to build alignment between the security and enterprise architectures to ensure that information security requirements are implicit in IT architectures and security is built in by design

  • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company’s reputation

  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

  • Develop and oversee effective disaster recovery policies and standards

  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas

Other Skills and Characteristics:

  • Must be authorized to work in the U.S.

  • Will be required to complete a background investigation

  • Bachelor’s degree in computer science, information systems, computer engineering, or related field of study, or equivalent experience

  • 10+ years of experience in a combination of risk management, information security, and enterprise application software development and support

  • Strong knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies

  • Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS

  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment

  • Knowledge of business IT ecosystems, SaaS, IaaS, PaaS, cloud computing, APIs, open data, and open systems

  • Excellent written and verbal communication and presentation skills

  • Highly collaborative and supportive of business and our ideas and strategies

Remote Work Available

EOE Minority/Female/Protected Veteran/Disability
