Direct Hire | Cyber Security | Bethesda, MD | Apply Now –
The Senior Director will be responsible for developing, implementing and maintaining an IT Security risk management program on behalf of our client in the Washington, DC metro area. Establish risk and compliance related policies and procedures. Tasks will include identifying security risks and exposures by participating in security reviews, evaluations and risk assessments; performing risk evaluations of identified risks; and managing the risk management process using an automated Governance, Risk and Compliance (GRC) tool.
KEY ROLE AND RESPONSIBILITIES
Risk Management
- Manage Risk management framework, evaluate effectiveness and provide improvement recommendations.
- Perform complex technical security/risk assessments of third parties providing services to the company.
- Perform complex technical security/risk assessments of internal projects and technology investments.
- Document and track the risk management decisions using RSAM Governance Risk Compliance tool.
- Conduct on-going effectiveness evaluations of information security, risk and operational controls.
- Communicate control weaknesses and related recommendations in non-technical (business) terms effectively to internal management.
- Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents. Assist with vulnerability exceptions.
- Keep abreast of adversarial attack methods, regulatory requirements, and security requirements to understand their impact to the business operations.
- Independently resolve minor issues regarding information security and/or governmental law or regulation compliance. Identify and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement. Prepare reports of key metrics for application security, information security, and/or compliance with governmental laws or regulations.
- Identify and negotiate schedules, milestones, and resources required to meet assessment objectives, and modifies schedules as required.
- Complete assessments within established time budgets and milestones without sacrificing security and quality.
- Participate in evaluating security related system and software solutions (e.g., technical product and vendor evaluations).
- Ensure projects include security requirements throughout the lifecycle of the project. Provide security representation and expertise for security related initiatives.
Security Compliance Management
- Ensure appropriate monitoring and reporting of security risks
- Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
- Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content (e.g., policies, standards, processes and procedures).
- Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.
- Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.
- Oversees the information assurance (IA) program of an information system in or outside the network environment; may include procurement duties.
KEY QUALIFICATIONS AND EXPERIENCE
Required:
- Bachelor’s degree in Computer Science, Information Security or related field or equivalent experience/certification
- 8+ years of information technology leadership experience
- Experience implementing, managing or governing security technologies (e.g., encryption, network security, intrusion detection, digital forensics) and/or threat and vulnerability management programs
- Experience in enterprise IT security risk management frameworks and processes
- Knowledge of and experience with Governance, Risk Management and Compliance (GRC) tools
- Direct management of cross functional, sourced, or matrixed teams
- Current information security certification, including Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP)
Preferred:
- Working knowledge of industry security frameworks (e.g., ISO2700X, NIST, Cloud Security Alliance)
- Knowledge of IT security within an infrastructure environment
- Proven knowledge of SDLC; good understanding of ITIL v3 Framework
- Strong negotiating, influencing and problem resolution skills
- Proven ability to effectively prioritize and execute tasks in a high-pressure environment
- Experience in business systems and process planning
- Knowledge of business environment, service requirements and hospitality culture
- Ability to translate information security objectives into mutually beneficial business strategies for the client organizations
- Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action
- Deep understanding of IT financial structures and ability to manage to corporate financial practices and goals, including drivers of process cost
- Understanding of International, Federal, State and Local Regulations pertaining to Information Security, risk management and data privacy.
- Graduate or Terminal Degree
