

Director of IT


Lehi, Utah


Director of IT Job Opening in Lehi, Utah - We are looking for a highly experienced, reliable, and enthusiastic Director of IT with a strong background in information security to take responsibility for the following initiatives:
Information Security Governance
Develop an information security strategy aligned with business goals and objectives.
Align information security strategy with corporate governance.
Identify current and potential legal and regulatory requirements affecting information security.
Identify drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
Define roles and responsibilities for information security throughout the organization.
Establish internal and external reporting and communication channels that support information security.
Risk Management
Establish a process for information asset classification and ownership.
Implement a systemic and structured information risk assessment process.
Ensure that business impact assessments are conducted periodically.
Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., development and procurement).
Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.
Information Security Program Development
Develop and maintain plans to implement the information security strategy.
Specify the activities to be performed within the information security program.
Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
Identify internal and external resources (e.g., finances, people, equipment, systems) required to execute the security program.
Ensure the development of information security architectures (e.g., people, processes, technology).
Establish, communicate and maintain information security policies that support the security strategy.
Carry out a program for information security awareness, training and education.
Ensure the development, communication and maintenance of standards, procedures and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
Integrate information security requirements into the organization's processes and life cycle activities.
Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
Establish metrics to evaluate the effectiveness of the information security program.
Information Security Program Management
Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
Ensure that processes and procedures are performed in compliance with the organization's information security policies and standards.
Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
Ensure that information security is an integral part of the systems development processes and acquisition processes.
Ensure that information security is maintained throughout the organization's processes and life cycle activities.
Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization.
Provide information security awareness, training and education (e.g., business process owners, users, information technology) to stakeholders.
Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
Ensure that noncompliance issues and other variances are resolved in a timely manner.
Incident Management and Response
Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incidents.
Establish escalation and communication processes and lines of authority.
Develop plans to respond to and document information security incidents.
Establish the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
Develop a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
Integrate information security incident response plans with the organization's disaster recovery and business continuity plan.
Organize, train and equip teams to respond to information security incidents.
Periodically test and refine information security incident response plans.
Manage the response to information security incidents.
Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.
What You Need for this Position
CISA, CISSP, or CISM certification(s). Master's degree in Business, Computer Science, Information Assurance, Information Security, or Information Systems a plus.
Minimum seven years of experience in information security, with at least five years of experience working in an I.S. Security management role in a large, multi-platform I.S. computing environment.
Deep knowledge of requirements.
Direct hands-on experience supporting Security Information Event Management products, enterprise logging and developing & managing correlation rules, filters, trends, and reporting.
Experience with operation of large enterprise security management tools such as IDS/IPS, DLP, WAF, firewalls, NAC, etc.
Experience with Threat Intelligence, Threat Analysis and Incident Response.
Demonstrated ability to build bridges between I.T., Development, Accounting, Marketing, Sales, and Support teams.
Strong understanding of the full SDLC and deployment of applications with adherence to security standards.
Direct Sales Industry experience a plus.
PLEASE APPLY TO THIS JOB AT THIS LINK:
?opportunityId=
Job Type: Full-time
Salary: $125,000.00 /year
Required education:
Bachelor's
Required experience:
Information Security: 8 years
