Director, IT Security and Privacy
Club Car
Evans, GA
- Expired: February 04, 2023. Applications are no longer accepted.
Club Car
LOCATION: Evan's GA: On-site
(Relocation Assistance Available)
Director, IT Security and Privacy
Position Overview:
The Director, IT Security & Privacy will ensure Club Car operates securely by developing practical, robust IT security and privacy processes and systems which protect the company’s business, data, customers, suppliers and teammates.
Responsibilities:
Incident Response and Coordination
· Maintain Club Car’s IT Incident Response Plan, including incident escalation framework and key incident-specific playbooks (e.g., ransomware), and serve as lead cybersecurity representative in incident response.
· Ensure appropriate tactical incident response protocols and processes to detect, respond, and remediate cybersecurity events.
· Oversee investigation capability, to include leveraging internal and external forensics and evidence collection and preservation, under the supervision of the legal counsel, as appropriate.
· Conduct tabletop exercises to build response capability at all levels.
· Lead after-action reviews and identify and implement lessons learned to drive security improvements.
Cybersecurity Governance and Risk Management
· Develop and implement the Club Car’s comprehensive cybersecurity strategy and roadmap, reflecting the Club Car’s operational drivers and desired business outcomes, risk tolerance, and evolving risks, threats, and vulnerabilities.
· Develop senior leader awareness and buy-in of cybersecurity program and initiatives, including reporting to leadership on cyber initiatives and strategy, program assessments, changes to risk profiles, and specific events.
· Assess current MSSP and MSP cybersecurity teams and define program governance, including defining roles and responsibilities.
· Establish, with senior leaders, cyber risk thresholds and risk management approach.
· Build and implement cyber risk quantification and risk prioritization of initiatives.
· Develop protocols to periodically review the appropriateness of the cybersecurity program, inclusive of administrative and technical controls and processes, with such review to include risk assessments, industry standard compliance reviews, and periodic, risk-based penetration testing.
· Develop vendor cybersecurity risk management program.
· Coordinate with senior leadership to ensure adequate resourcing of cybersecurity program.
Cybersecurity Program Management
· Oversee people, processes, and technology at all levels of the cybersecurity program to enable global operations.
· Develop and maintain all relevant information security policies and procedures, including for network infrastructure, specific applications, and services.
· Develop and maintain designated risk-based cyber safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
· Develop secure lifecycle processes and operations, reflecting risk, threat, and vulnerability identification.
· Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate.
· Manage cybersecurity audits, inclusive of client security audits and RFPs.
· Oversee development and implementation of role-based cybersecurity awareness programs and trainings.
· Collaborate closely with legal counsel to ensure cybersecurity program meets all legal and contractual requirements.
· Manage, in close collaboration with IT team, all aspects of security for technology initiatives.
· Conduct regular internal and coordinate external security assessment and penetration tests to proactively test the effectiveness of security controls.
· Coordinate with compliance on remediation and program management.
· Assist in the design and implementation of disaster recovery procedures, integration points with business continuity and managing the rollout of IT-enabled recovery and continuity procedures.
Experience:
· Bachelor's degree in Computer Science or related technology field with 5+ years of prior relevant experience in a Global setting.
· Relevant Certifications: CISSP, CCEP, or other related field certifications highly preferred.
· Technical expertise of cloud architectures, especially Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure, networks, routers and switches, wireless technologies, active directory, and leading software applications.
· Background in modern information security frameworks, technologies and practice.
· Experience in accrediting IT systems against multiple standards including NIST and working knowledge of relevant legal requirements including GPDR and CCPA.
· Experience supervising managed security service providers (MSSP) and working with infrastructure managed service providers (MSP).
· Experience overseeing vendor security audits and developing, implementing and maintaining a vendor risk management program.
Core Competencies:
· Strategic Thinker - Translates the security strategy into specific objectives and plans for the security organization and Club Car more broadly. Thinks two to three years ahead.
· Drives Results – A bias toward action; committed to delivering results and remediation of critical items within the information security organization. Acts to surpass goals, seizing opportunities to push the envelope. Sets continually higher goals that are ambitious but realistic for self and team, geared to organizational objectives centered on improving Club Car’s security posture and reputation. Poise and ability to act calmly and competently in high-pressure, high-stress situations.
· Collaborator and Influencer - Invites the opinions and perspectives of others. Engages external parties in a dialogue on information security to understand emerging threats and regulatory practices and advises relevant stakeholders on appropriate course of action to gain commitment and buy-in. Adapts personal approach to respective environment and audience. Supports new business opportunities with the lens of securing while enabling the business. Position information security as a partner to the business with mutual intentions of achieving business goals and securing the company
LOCATION: Evan's GA: On-site
(Relocation Assistance Available)
Director, IT Security and Privacy
Position Overview:
The Director, IT Security & Privacy will ensure Club Car operates securely by developing practical, robust IT security and privacy processes and systems which protect the company’s business, data, customers, suppliers and teammates.
Responsibilities:
Incident Response and Coordination
· Maintain Club Car’s IT Incident Response Plan, including incident escalation framework and key incident-specific playbooks (e.g., ransomware), and serve as lead cybersecurity representative in incident response.
· Ensure appropriate tactical incident response protocols and processes to detect, respond, and remediate cybersecurity events.
· Oversee investigation capability, to include leveraging internal and external forensics and evidence collection and preservation, under the supervision of the legal counsel, as appropriate.
· Conduct tabletop exercises to build response capability at all levels.
· Lead after-action reviews and identify and implement lessons learned to drive security improvements.
Cybersecurity Governance and Risk Management
· Develop and implement the Club Car’s comprehensive cybersecurity strategy and roadmap, reflecting the Club Car’s operational drivers and desired business outcomes, risk tolerance, and evolving risks, threats, and vulnerabilities.
· Develop senior leader awareness and buy-in of cybersecurity program and initiatives, including reporting to leadership on cyber initiatives and strategy, program assessments, changes to risk profiles, and specific events.
· Assess current MSSP and MSP cybersecurity teams and define program governance, including defining roles and responsibilities.
· Establish, with senior leaders, cyber risk thresholds and risk management approach.
· Build and implement cyber risk quantification and risk prioritization of initiatives.
· Develop protocols to periodically review the appropriateness of the cybersecurity program, inclusive of administrative and technical controls and processes, with such review to include risk assessments, industry standard compliance reviews, and periodic, risk-based penetration testing.
· Develop vendor cybersecurity risk management program.
· Coordinate with senior leadership to ensure adequate resourcing of cybersecurity program.
Cybersecurity Program Management
· Oversee people, processes, and technology at all levels of the cybersecurity program to enable global operations.
· Develop and maintain all relevant information security policies and procedures, including for network infrastructure, specific applications, and services.
· Develop and maintain designated risk-based cyber safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
· Develop secure lifecycle processes and operations, reflecting risk, threat, and vulnerability identification.
· Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate.
· Manage cybersecurity audits, inclusive of client security audits and RFPs.
· Oversee development and implementation of role-based cybersecurity awareness programs and trainings.
· Collaborate closely with legal counsel to ensure cybersecurity program meets all legal and contractual requirements.
· Manage, in close collaboration with IT team, all aspects of security for technology initiatives.
· Conduct regular internal and coordinate external security assessment and penetration tests to proactively test the effectiveness of security controls.
· Coordinate with compliance on remediation and program management.
· Assist in the design and implementation of disaster recovery procedures, integration points with business continuity and managing the rollout of IT-enabled recovery and continuity procedures.
Experience:
· Bachelor's degree in Computer Science or related technology field with 5+ years of prior relevant experience in a Global setting.
· Relevant Certifications: CISSP, CCEP, or other related field certifications highly preferred.
· Technical expertise of cloud architectures, especially Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure, networks, routers and switches, wireless technologies, active directory, and leading software applications.
· Background in modern information security frameworks, technologies and practice.
· Experience in accrediting IT systems against multiple standards including NIST and working knowledge of relevant legal requirements including GPDR and CCPA.
· Experience supervising managed security service providers (MSSP) and working with infrastructure managed service providers (MSP).
· Experience overseeing vendor security audits and developing, implementing and maintaining a vendor risk management program.
Core Competencies:
· Strategic Thinker - Translates the security strategy into specific objectives and plans for the security organization and Club Car more broadly. Thinks two to three years ahead.
· Drives Results – A bias toward action; committed to delivering results and remediation of critical items within the information security organization. Acts to surpass goals, seizing opportunities to push the envelope. Sets continually higher goals that are ambitious but realistic for self and team, geared to organizational objectives centered on improving Club Car’s security posture and reputation. Poise and ability to act calmly and competently in high-pressure, high-stress situations.
· Collaborator and Influencer - Invites the opinions and perspectives of others. Engages external parties in a dialogue on information security to understand emerging threats and regulatory practices and advises relevant stakeholders on appropriate course of action to gain commitment and buy-in. Adapts personal approach to respective environment and audience. Supports new business opportunities with the lens of securing while enabling the business. Position information security as a partner to the business with mutual intentions of achieving business goals and securing the company
Club Car
Address
Evans, GA
30809
USA
Industry
Technology
View all jobs at Club CarGet fresh Security Director jobs daily straight to your inbox!
By clicking the button above, I agree to the ZipRecruiter Terms of Use and acknowledge I have read the Privacy Policy, and agree to receive email job alerts.
You Already Have an Account
We're sending an email you can use to verify and access your account.
If you know your password, you can go to the sign in page.