Chief Information Security Officer - Direct Technology
The Chief Information Security Officer is accountable for TAG/Direct Technology’s entire security posture. This executive works across and with multiple business functional areas including information security, privacy, physical security, internal investigations, and business continuation. This executive provides leadership, vision, and strategic direction for the effective identification, development, management, and assessment of security initiatives and standards which are aligned with TAG’s strategic priorities and business objectives. This executive directs the coordination of security efforts across the enterprise partnering with stakeholders in functional areas of the organization, including information technology, human resources, legal, and finance.
- Leads the design and implementation of TAG’s security strategy, taking into account TAG’s business strategy and the diverse portfolio of organizational units, service offerings, and customer needs.
- Role models TAG’s mission, core values, culture and desired behaviors – including a sound risk culture.
- Develops talent in the security team to deliver performance and results – including the identification, development, and retention of talent with requisite physical and digital security capabilities.
- Drives operations of the security team – including core business processes and technologies.
- Holds self and others accountable for meeting commitments by setting and clearly communicating expectations and roles and responsibilities relative to security functions.
- Maintains strong relationships with industry, security, governmental and legal subject matter experts and trusted advisors to stay current with, and share, best practices and emerging trends.
- Provides regular security briefings and reports at executive, organizational, and stakeholder levels; aggregates and communicates relevant trends, threats, and changes to legislation and regulation affecting the organization and its business objectives.
- Develops and leads relevant security stakeholder committees and working groups.
Technical and Risk Responsibilities
- Identifies and manages existing and emerging risks that stem from business activities and ensures they are effectively identified, measured, monitored, and controlled. Clearly and effectively communicates the strategic security vision, risks, costs and related impacts to stakeholders at various levels of the organization and to the Board of Directors.
- Develops, implements, and maintains written risk, security, and compliance policies, standards, and procedures for business activities.
- Owns the strategy, development, and regular testing of Business Continuity plans, taking into account the probability and impact of catastrophic and significant security risk events and ensures continuity of business operations.
- Accountable for operating within established policies and guidelines related to security for the enterprise, and acting in accordance with applicable laws, regulations, and supervisory guidance, including those related to privacy and consumer protection.
- Responsible for protecting the information, system, financial, people, and physical assets of the enterprise, along with mitigating potential risks involved in the loss of intangibles, such as reputation, intellectual property, and trade secrets.
- Owns incident prevention and response planning, testing, and operational activities; coordinates both inside and outside the organization to forestall and prevent attacks and catastrophic events. Monitors the probability of security-related incidents and develops appropriate preventive and responsive strategies consistent with sound business judgment and internal controls.
- Drives organizational security awareness and training plans, methodologies, and exercises throughout the organization.
- Leads internal risk assessment and audit activities, including the development, maintenance, testing, and monitoring of internal security controls; identifies and understands the nature of security risks in the business environment and applies appropriate financial and managerial controls to mitigate those risks.
- Drives coordination efforts within the organization to restore critical systems and provide the facilities the organization needs to function in the event of an attack or catastrophe.
- Coordinates with local, state, federal, and international government agencies as required.
- A minimum of 10 years of relevant and increasing responsibility in risk management, information security, privacy, and information technology fields.
- A minimum of 5 years of people leadership experience in building, managing and/or developing high-performing teams.
- Significant experience in the evaluation, implementation, and management of enterprise-wide information security technologies and concepts, including but not limited to Secure SDLC, Application Security, Infrastructure Security, Cloud Security, Data Loss Prevention, Security Event Management, Threat and Vulnerability Management, Incident Response and Remediation, and Identity and Access Management.
- Demonstrated understanding and experience with industry security frameworks (e.g. NIST, ISO, ITIL, etc.) and international, federal, and state laws and regulatory guidance impacting the organization’s risk management framework, governance, standards, capabilities and risk strategy across all lines of business.
- Excellent people leadership skills – providing direction, monitoring performance, motivating staff, and building a positive, inclusive, high-security organization.
- Exceptional technical and project management skills, written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences.
- Ability to adapt, maintain resilience to change, and act calmly and competently in high-pressure, high-stress situations.
- Superior analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Bachelor’s degree in a relevant discipline (e.g. information/cyber security, information systems, computer science, engineering, business administration), or experience equivalency.
- Advanced degree such as MBA or MS is preferred.
- Information Security professional certifications, such as CISSP, CISM, CISA preferred.
Direct Technology is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.