Director, Information Security (Remote)

Company: Cordis
Location: Washington
Posted on: January 16, 2022

Job Description:

**Description**

**Essential Functions and Responsibilities:**

+ Maintains awareness and incorporate implications of legislated requirements that impact security for the enterprise

+ Identifies security goals and objectives consistent with corporate and IT overall strategic plans

+ Provides enterprise-wide direction on the use of security polices procedures and technologies for all enterprise operations, including other groups and subsidiaries

+ Develops plans for and oversees the exits of TSA related security services as well as the stand-up and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security

+ Oversees 3rd party outsourcer, contractors and vendors to safeguard the company's assets, intellectual property and computer systems, as well as the physical safety of employees and visitors

+ Coordinates and oversees security implementation plans, security product purchases, and project schedules with broader IT project portfolio initiatives

+ Defines security standards to ensure that all hardware, software, and database problems are solved in a timely and efficient manner including the computer and communication technology contribution to disaster recovery operations.

+ Assesses new security technologies to determine potential value for the enterprise. Provides a source of specialized expertise that can serve the needs of other IT activities.

+ Maintains the operations and project budgets for security personnel requirements, new hardware, software upgrades or additions, and external consulting projects in support of the business

+ Conducts annual threat and vulnerability assessments

+ Oversees the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary

+ Work with outside consultants as appropriate for independent security audits

+ Manages all implications of mandated and regulated security requirements such as Sarbanes-Oxley, Patriot Act, etc.

+ Maintains relationships with local, state and federal law enforcement and other related government agencies as required

+ Provides support to the business, regions and external groups in the application the of enterprise's security and data privacy policies

+ Defines standards for security training, equipment cost and usage, cost/usage ratios, usage procedures, and technical personnel time/project allocation.

+ Defines and directs of training and seminars to improve overall employee security awareness, response time, and ability to look into the future security requirements of the enterprise.

Education & Experience Qualifications

+ A bachelor's degree in information technology or computer science is required; Master's degree in information technology, computer science, or business administration preferred

+ Requires time management skills in directing a variety of projects in addition to an understanding of the ways in which security is an issue within all areas of the enterprise.

+ Requires supervisory/management experience and the flexibility to deal with people at a variety of levels; internally - enterprise staff, board of directors, finance staff, other senior executive staff, and externally - auditors, employer groups, service providers and industry associations.

+ 10+ years' experience in application, infrastructure or data security with 5+ years in a management role desired

+ Must have a solid understanding of information technology standards (NIST, ISO 27001) and information security (including firewalls, VPNs, penetration testing and other security devices.)

+ Candidates with certification in information security (CISSP, CSSLP, CCFP, CISM, etc.) or comparable work experience will be given preference. Risk analysis/assessment experience a plus.

+ The position requires excellent verbal and written communication skills, previous leadership, management and supervisory experience, and excellent time management abilities.

+ Demonstrate initiative, good judgment, strong profit orientation, and ability to achieve results through others.

+ Articulate and persuasive leader who can serve as an effective member of the IT management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.

+ Should have experience with 3 rd party or outsourced security providers as well as security business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Keywords: Cordis, Washington DC , Director, Information Security (Remote), Accounting, Auditing , Washington, DC