Director, Information Security

Description

The Director of Information Security serves as the enterprise–wide trusted advisor for all Information Security issues and defines, implements, and manages the company's Information Security strategy. A senior member of Gordon Brothers Risk Management team, this role requires a visionary leader with deep expertise in cybersecurity to work collaboratively with the business, Technology, and Legal/Risk teams to make security risk–based decisions.

JOB RESPONSIBILITIES/ESSENTIAL JOB FUNCTIONS

Strategy and Risk Management

• Develop and execute a comprehensive Information Security strategy aligned with the organization's business goals, compliance requirements, and risk tolerance.

• Identify and assess cybersecurity risks, vulnerabilities, and threats, and implement risk mitigation strategies to protect the company's data and assets.

• Establish and enforce Information Security policies, standards, and procedures to ensure compliance with industry regulations (e.g. GDPR) and best practices. Liaise with auditors as needed.

• Develop and lead the incident response program, including incident detection, containment, eradication, and recovery procedures. Perform quarterly validations.

• Implement and maintain Records Management Policy (including email and chat retention)

• Continuously research emerging and state–of–the–art cybersecurity technologies and trends, evaluating their suitability for the organization's needs.

• Maintain comprehensive knowledge of information technology subjects, cyber security, controls and regulatory compliance programs.

• Maintain training and certification.

Security Awareness

• Subject matter expert across Information Security domains (i.e., Application security, cloud security, vulnerability management, endpoint security, etc.)

• Maintains awareness with Information Security industry developments and trends.

• Promote a strong security culture throughout the organization by driving training programs and awareness campaigns.

Vendor/Service Providers

• Support third–party risk assessments and vendor security evaluations to ensure the security of externally sourced products and services.

• Ability to validate Information Security Posture of all relevant IT service providers included but not limited to SAAS, PAAS, NAAS etc.

• In–depth knowledge and understanding of the Microsoft 365 Security and the Microsoft 365 Purview toolset.

• Ability to enable and implement controls within the Microsoft 365 environment.

Leadership and Management

• Manage and mentor a team of cybersecurity professionals, fostering a culture of innovation, continuous learning, and collaboration.

• Collaborate with the business to achieve objectives by supporting audits and reviews, handling customer security inquiries, etc.

• Collaborate with global ITS team to ensure Customer, Partner, Vendor and Insurance requirements and expectations are achieved.

• Manage the Information Security budget effectively, allocating resources to critical areas and ensuring cost–efficient security solutions.

• Maintain accurate and detailed documentation of all security requirements, contractual obligations, contact information, and other important records.

EDUCATION, EXPERIENCE

• Bachelor's degree in business or computer science.

• 10+ years of Information Security experience.

• Comprehensive knowledge of information technology subjects, cyber security, controls and regulatory compliance programs. Demonstrated ability to keep abreast of changes and evaluate for appropriate application within the company.

• Proven track record of building and maintaining robust security programs, and the ability to collaborate with cross–functional teams.

KNOWLEDGE, SKILLS, ABILITIES

• Knowledge of compliance regulations, frameworks, and certifications (e.g., NIST, ISO, SOC, IRAP, Cyber Essentials, etc.)

• In–depth knowledge and understanding of the Microsoft 365 Security and the Microsoft 365 Purview toolset.

• Ability to enable and implement controls within the Microsoft 365 environment.

• Ability to communicate information technical/security issues using business language that others can understand.

• Ability to multi–task on different projects and prioritize projects according to business importance and risk tolerance.

• Ability to form strong relationships with stakeholders (Legal, Risk, Department Leaders).

• Experience preparing and delivering executive level presentations and interacting with customers across different markets and locations.

• Experience preparing and delivering executive level presentations and interacting with customers across different markets and locations.

Gordon Brothers offers a very competitive total compensation package, including base salary and bonus plan, health insurance, dental benefits, a generous 401(k) match, time off benefits, and more.
In compliance with the Americans with Disabilities Act (ADA), please contact the Human Resources department if you have a disability and need reasonable accommodation with any part the application process. Requests will be considered on a case–by–case basis.

Gordon Brothers is an Equal Opportunity Employer.