Director of Security - IT
Overall Job Summary
Conexess Group is aiding a Fortune 500 client in their search for a Director of Security. The individual in this role will be a key leader in a cybersecurity program supporting a highly dynamic and fast-paced retail company. This is a full-time role, and leaders who are interested must be able to come to the office 2-3 days a week at corporate headquarters in the middle TN area.
The Director will lead the Security Architecture, Threat, IT Risk, and Compliance teams with a focus on delivering reliable and scalable cybersecurity and IT risk management services. Success will be achieved by blending technical expertise and business insight to minimize risk and ensure compliance while supporting the growth of digital services.
Essential Duties and Responsibilities (Min 5%)
- Provide leadership and technical direction to deliver cybersecurity, IT risk, and compliance capabilities that address both 1st and 3rd party risks.
- Develop and execute a comprehensive strategy for defensive security, threat mitigation, and risk reduction following standards-based frameworks including NIST CSF and NIST P.
- Ensure adequate and timely resolution of audit, compliance, and regulatory requirements.
- Partner with IT and business leaders to influence and ensure alignment and support for cybersecurity policies, standards, and operating procedures.
- Collaborate with fellow leaders of IT and business teams to support their requirements for cybersecurity solutions and expertise.
- Research and recommend security and risk technologies that can be applied to technology solutions being developed or maintained internally and externally.
- Develop, mentor, and lead a high-performing team of information security and risk experts.
Required Qualifications
Experience: 9+ years of progressive cybersecurity, IT risk, and compliance experience. Relevant experience in retail, Big4 or enterprise IT audit, and security consulting is preferred. Deep knowledge and practical experience in enterprise IT risk management programs using NIST, FAIR, ISO, and other relevant IT control frameworks. Deep knowledge and practical experience with PCI, SOX, IT General Controls, and third-party risk management.
Education: Bachelor's Degree in Cybersecurity, Computer Science, or a related field. Any suitable combination of education and experience will be considered.
Professional Certifications: CISSP, CISA, CRISC, CISM, SANS GIAC, or other relevant security or governance certification(s) desired.
Preferred Knowledge, Skills Or Abilities
- Track record of delivering effective solutions in collaboration with multiple stakeholder groups and contending priorities.
- Current knowledge of evolving threats, attacker techniques, and options for risk mitigation.
- Practical understanding of data protection policies and standards, and privacy regulations.
- Experience with financial management, budgeting, and forecasting.
- Excellent verbal and written communication skills.
- Excellent analytical, problem-solving, project management, and planning skills.
- Strong vendor management and negotiation/mediation skills.
- Eligible to work in the United States without company sponsorship.