Director, Information Security & Compliance

d direct activities of the Information Security and Technology Compliance in support of business operations;

• Increase and maintain visibility of our systems and data;

• Oversee the deployment of cybersecurity technologies and cybersecurity program enhancements;

• Oversee operations for technology compliance reporting [Including but not limited to SOX; PCI; SEC]

• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities

• Assist in the oversight of financial budget operations

• Ensure compliance with security standards and completion of mandated enterprise initiatives and security projects;

• Develop and report performance metrics that demonstrate business impact and risk reduction.

• Prepare technical reports for executive leadership;

• Evolve the cybersecurity vulnerability management program to meet growth needs;

• Evaluate cyber security threats, risks, vulnerabilities, and processes to determine relative risk to the product, system, and organization;

• Lead management of key third-party security vendors providing SaaS services

• Ability to conduct research and establish cybersecurity relevant positions to mitigate risk and promote operational effectiveness

• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

• Ability to prioritize and allocate cybersecurity resources correctly and efficiently.

• Leads or commissions suitable information security awareness, training and educational activities;

E duc a ti o n a nd / o r Ex p e r i ence

• Bachelor's degree in Information Technology or similar technical field

• 10+ years of relevant cybersecurity

• 5+ years of utilization of industry cybersecurity frameworks

• 3+ years of direct leadership of compliance reporting [featuring SOX and PCI]

• 5+ years of people leadership experience

S k ill s / Spec ializ ed Kn o wl e dge

• In-depth understanding of industry standards, frameworks, and regulations related to cybersecurity (e.g., NIST, ISO, GDPR, MITRE, CIS, Cloud Security Alliance).

• Ability research and grasp emerging security concepts

• Strong interpersonal, conflict management and communication skills

• Effective documentation and reporting skills

• Excellent written and verbal communication skills

• Strong ability to manage tasks; schedule and organize priorities

Required Licenses or Certifications

• CISSP [active] - preferred

• CRISC; C|CISO; CISM; ITIL - recognized

Other Requ i r e m en t s

• Travel to IH Market offices as required, amount of up to 30%.

• Must maintain professional appearance.

• Ability to be at work on a regular and consistent basis; On-call availability may be required for this position.

Phys i cal and Mental De m a n d s

This position will spend long hours sitting and using office equipment and computers. The position may also entail light lifting of supplies and materials occasionally, up to and including 20 pounds in addition to re ac h i ng, st oo p i n g, standing, and walking . This position requires the ability to talk, h e a r , c o m p a re , c o m put e , c o m p il e , c o p y, a n a l yz e , c o or d i n a t e , s y n t h e s i z e , n e g o t i a t e a n d c o m mun i cat e. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

W o r k E nv ir on m ent

S t a nd a r d o f f i ce w o r k i n g e n v i ron me n t that may be busy and noisy at times.