Leading IT company in Boca Raton, FL is seeking a Director of Information Security and Privacy to manage a small team of Security Analysts. Maintain a consolidated privacy and security program and conduct audits to achieve validation of compliance with PCI, DSS, HIPAA, and other privacy laws and compliance mandates for the company technology and security program.
We are looking for a Director with a strong background in Information Security, Privacy, and Compliance. The ideal candidate will have climbed the ranks as a Security Analyst, Engineer/Architect, Lead or Manager and is now at, or ready to be at the Director level.
This position is highly technical and involves working with the various technical groups and critical infrastructure to build effective analysis capabilities to better protect the organization from cyber-attacks and threats.
This position reports directly to the CTO.
- Develop and maintain a consolidated privacy and security program that integrates requirements across various compliance mandates, including PCI DSS, HIPAA, HITRUST and various privacy laws, including GDPR and CCPA.
- Actively manage the implementation of and validate adherence to security practices across the organization to comply with the various privacy law and compliance mandates.
- Support and lead a team of security practitioners in various practices such as incident management, application security, vulnerability management, and auditing.
- Resolve allegations of non-compliance with the corporate policies or notice of information practices.
- Govern security-specific metrics that demonstrate the performance of the security program including reduction in program cost, reduction in security incidents, and positive independent security assessment outcomes.
- Report on a periodic basis to the CTO or committee regarding the status of the security and privacy program.
- Mature the Privacy and Security program to better support the organization’s core business strategy as an enabler for driving business development initiatives.
- Provide strategic guidance to corporate officers regarding risk to information resources and technology.
- Provide leadership in the planning, design and evaluation of privacy and security related projects.
- Conduct audits of business partners to achieve independent validation of compliance with PCI, DSS, HIPAA and other privacy laws and compliance mandates for the company’s technology and security program.
- Maintain and mature a corporate-wide privacy and security training program.
- Oversee appropriate sanctions for failure to comply with the corporate privacy policies and procedures.
- Actively monitor the regulatory and legislative landscape for changes in requirements to protect the security and privacy of regulated data.
- Eight (8) years of progressive experience in Information Security, or related field
- Three (3) years’ experience in a supervisory or senior level (plan, organize, and direct the work of technical staff)
- Four (4) years’ experience in technical program management
- Active proficiency in the following areas:
- Networking and communications protocols (TCP, HTTP, FTP, DNS, et.)
- Security architecture: firewalls, trust-boundaries, encryption, segmentation strategies, Cloud services, etc.
- Internet security, including: transport security and web application security
- Incident response and management (SIEM, IDS, forensic techniques, etc.)
- Security auditing (vulnerability and penetration testing)
- Identity and access management
- Business resilience planning
- Data privacy, including GDPR, CCPA, etc.
- Compliance management, including service provider management, PCI DSS and HIPAA compliance auditing
Sherlock loves to share a $500 referral bonus!
“U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.”