Job Description - Director for Information Security in Verona
Director for Information Security

Ref: US_EN_6_916327_1456918

Posted on 21 July 2022

Summary:  

The role of the Director for Information Security is to ensure the secure operation of the organization's computing environment. This responsibility is multi-faceted and focuses on the following areas:

  • Overseeing the organization's security technology: firewalls, anti-virus, intrusion detection systems (IDS), security information and event management (SIEM) solutions and SPAM filters.
  • Auditing the organization's vulnerability management, which entails confirming that servers, network equipment, appliances, desktops, anti-virus, firewalls and POS terminals are patched and maintained.
  • Act as the key contact for all annual audits, including but not limited to the PCI SAQ-D process, OINGC MICS, Financial and the annual risk assessment.
  • Identify, analyze and resolve security breaches and vulnerability issues in a timely and accurate manner.
  • Schedule and direct the activities of the data security team.
Duties & Responsibilities:

    1. Develops, implements, maintains, and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
    2. Administers policies and procedures for identifying, reporting, and resolving security violations.
    3. Benchmarks, analyzes, reports on, and makes recommendations for the improvement of data security.  Supports Vice President for annual reporting on the effectiveness of the information security program, including progress of remedial actions.
    4. Effectively leads the IT Department’s security planning, including fostering planning projects, and organizing and negotiating the allocation of resources.
    5. Oversees provision of data security services.
    6. Effectively collaborates with stakeholders to define security requirements for new technology implementations.
    7. Directs research on potential security solutions, protocols and standards in support of procurement efforts, security enhancements and development efforts.
    8. Assists in managing the financial aspects of the IT Department, including purchasing, budgeting, and budget review.  This includes business case justifications and cost/benefit analysis.
    9. Effectively negotiates and administers data security related vendor, outsourcer, and consultant contracts and service agreements.
    10. Effectively manages IT security staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
    11. Deploys, manages and maintains all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, security and information event management, cryptography systems, and anti-virus software.
    12. Ensures the preparation and maintenance of disaster recovery plans and procedures to provide continuity of operations for information systems that support the operations and assets of the organization.
    13. Develops, implements, maintains and oversees enforcement of policies and procedures and associated plans for system security administration and user system access based on industry standard best practices.  Periodically tests and evaluates the effectiveness of information security policies, procedures and practices.
    14. Manages connection security for local area networks, Web site, intranet, and e-mail communications.
    15. Designs, performs, and/or oversees penetration testing of all systems in order to identify system vulnerabilities.
    16. Designs, implements, and reports on security system and end user activity audits.
    17. Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and makes recommendations for resolution.
    18. Recommends, schedules (where appropriate), and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
    19. Assesses need for any security reconfigurations (minor or significant) and executes them if required.
    20. Remains current with emerging security alerts and issues.
    21. Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
    22. Downloads and tests new security software and/or technologies.
    23. Recommends, schedules, and performs security improvements, upgrades, and/or purchases.
    24. Ensures on-call security support to end-users.
    25. Provides consulting services for IT security related items in relation to OTS.

    Minimum Requirements:

    1. College Degree in Computer related field or eight years related work experience with five to ten years related work experience in Manufacturing, Financial, Health Care, Casino, Hospitality and/or Entertainment industry or other high volume, complex, highly regulated demanding customer oriented IT environment.
    2. A certification as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Wireless Security Professional, Certified Information Systems Auditor (CISA) and/or other related technical certification is desired.
    3. Previous working knowledge and experience achieving compliance with the Payment Card Industry Data Security Standards (PCI DSS) and HIPAA requirements are required.
    4. Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
    5. In-depth technical knowledge of network, PC, and platform operating systems, including Cisco Internetwork Operating System, LINUX, IBM OS/400 (i5/OS), Microsoft Windows Server and Desktop Operating Systems.
    6. Working technical knowledge of current systems software, protocols, and standards, including Microsoft Exchange, Microsoft SQL Server and SharePoint.
    7. Expert knowledge of TCP/IP and network administration/protocols.
    8. Intuition and keen instincts to pre-empt attacks.
    9. Hands-on experience with devices such as switches, hubs and routers.
    10. Knowledge of applicable practices and laws relating to data privacy and protection.
    11. High level of analytical and problem-solving abilities.
    12. Ability to conduct research into security issues and products as required.
    13. Strong interpersonal and oral communication skills.
    14. Highly self-motivated and directed.
    15. Strong organizational skills.
    16. Excellent attention to detail.
    17. Ability to effectively prioritize and execute tasks in a high-pressure environment.
    18. Must have valid driver’s license.
    19. Experience working in a team-oriented, collaborative environment.

    For more information, please contact me at 315-532-1047 or at krista.wardhaugh@modis.com

    Equal Opportunity Employer/Veterans/Disabled

    To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit https://www.modis.com/en-us/candidate-privacy/

    The Company will consider qualified applicants with arrest and conviction records