Director, Information Security
The Director, Information Security Advisory is responsible for leading a team of security consultants in partnering with key business stakeholders to ensure the Information Security Program is extended to all business and Information Technology initiatives. This position reports to the Leader, Security Architecture, Advisory and Engineering.
- Lead a team of information security consultants to provide subject matter expertise to support information technology project teams, legal and compliance reviews and business-related information security needs.
- Coordinate and execute proactive information security consulting to cover key information technology applications, infrastructure and capabilities, including identity & access management, endpoint and server protections, network security, database security, mobile device security, data protection, cloud security and solution development.
- Partner with all areas of the Information Security team and Enterprise Architecture to maintain security standards across the enterprise.
- Build solid working relationships with Information Technology, Legal, Compliance and other business stakeholders to maintain and improve processes to support security requirements.
- Educate and inform BTS leadership about upcoming information security industry and regulatory changes, emerging threats, and the latest security trends.
- Ensure recommendation of policies and standards, projects, programs and enhancements to improve information security capabilities.
- Maintain and improve process and oversight to ensure timely and consistent delivery of the security consulting program.
- Provide regular updates on the progress and status of all consulting and advisory processes and projects.
Experience and Knowledge
- Broad knowledge of information technology and security architecture and controls in various application and infrastructure platforms including network (physical, virtual, internal, cloud), system platforms, storage, directory services, and end user computing
- Experience collaborating with and managing a globally-positioned workforce and business partners.
- Experience developing risk analysis and threat modeling processes.
- 10+ years managing and consulting in Enterprise Information Security
- 5+ years managing and leading teams of technical engineers or consultants
- 5+ years experience performing risk assessments or IT audit consulting
- 5+ years SME level work experience in related areas of Information Security Engineering, Architecture, Security Design, Security Operations and IT.
- Strong knowledge of industry and financial regulatory standards.
- Understanding of the bankcard industry desired. Payment Card or other financial industry experience preferred.
- Working knowledge of security standards frameworks (FFIEC, PCI-DSS, GDPR, COBIT, NIST)
- Professional security certification preferred (CISM, CISA, CISSP)
- Minimum: Bachelor’s Degree in Computer Science or related field.
- Preferred: Advanced degree
- Motivated self-starter
- Superb communicator