Description
The Director of Information Security serves as the enterprise-wide trusted advisor for all Information Security issues and defines, implements, and manages the company's Information Security strategy. A senior member of the Gordon Brothers Risk Management team, this role requires a visionary leader with deep expertise in cybersecurity to work collaboratively with the business, Technology, and Legal/Risk teams to make security risk-based decisions.
JOB RESPONSIBILITIES/ESSENTIAL JOB FUNCTIONS
Strategy and Risk Management
Develop and execute a comprehensive Information Security strategy aligned with the organization's business goals, compliance requirements, and risk tolerance.
Identify and assess cybersecurity risks, vulnerabilities, and threats, and implement risk mitigation strategies to protect the company's data and assets.
Establish and enforce Information Security policies, standards, and procedures to ensure compliance with industry regulations (e.g. GDPR) and best practices. Liaise with auditors as needed.
Develop and lead the incident response program, including incident detection, containment, eradication, and recovery procedures. Perform quarterly validations.
Implement and maintain Records Management Policy (including email and chat retention).
Continuously research emerging and state-of-the-art cybersecurity technologies and trends, evaluating their suitability for the organization's needs.
Maintain comprehensive knowledge of information technology subjects, cyber security, controls and regulatory compliance programs.
Maintain training and certification.
Security Awareness
Subject matter expert across Information Security domains (e.g., application security, cloud security, vulnerability management, endpoint security).
Maintains awareness of Information Security industry developments and trends.
Promote a strong security culture throughout the organization by driving training programs and awareness campaigns.
Vendor/Service Providers
Support third-party risk assessments and vendor security evaluations to ensure the security of externally sourced products and services.
Ability to validate the Information Security posture of all relevant IT service providers, including but not limited to SaaS, PaaS, NaaS, etc.
In-depth knowledge and understanding of the Microsoft 365 Security and the Microsoft 365 Purview toolset.
Ability to enable and implement controls within the Microsoft 365 environment.
Leadership and Management
Manage and mentor a team of cybersecurity professionals, fostering a culture of innovation, continuous learning, and collaboration.
Collaborate with the business to achieve objectives by supporting audits and reviews, handling customer security inquiries, etc.
Collaborate with global ITS team to ensure Customer, Partner, Vendor and Insurance requirements and expectations are achieved.
Manage the Information Security budget effectively, allocating resources to critical areas and ensuring cost-efficient security solutions.
Maintain accurate and detailed documentation of all security requirements, contractual obligations, contact information, and other important records.
EDUCATION, EXPERIENCE
Bachelor's degree in business or computer science.
10+ years of Information Security experience.
Comprehensive knowledge of information technology subjects, cyber security, controls and regulatory compliance programs. Demonstrated ability to keep abreast of changes and evaluate for appropriate application within the company.
Proven track record of building and maintaining robust security programs, and the ability to collaborate with cross-functional teams.
KNOWLEDGE, SKILLS, ABILITIES
Knowledge of compliance regulations, frameworks, and certifications (e.g., NIST, ISO, SOC, IRAP, Cyber Essentials, etc.)
In-depth knowledge and understanding of the Microsoft 365 Security and the Microsoft 365 Purview toolset.
Ability to enable and implement controls within the Microsoft 365 environment.
Ability to communicate technical and Information Security issues in business language that others can understand.
Ability to multi-task on different projects and prioritize projects according to business importance and risk tolerance.
Ability to form strong relationships with stakeholders (Legal, Risk, Department Leaders).
Experience preparing and delivering executive level presentations and interacting with customers across different markets and locations.
Gordon Brothers offers a very competitive total compensation package, including base salary and bonus plan, health insurance, dental benefits, a generous 401(k) match, time off benefits, and more.
In compliance with the Americans with Disabilities Act (ADA), please contact the Human Resources department if you have a disability and need reasonable accommodation with any part of the application process. Requests will be considered on a case-by-case basis.
Gordon Brothers is an Equal Opportunity Employer.