Job Details

ID #44935614
State District of Columbia
City Washington
Job type Permanent
Salary $160,000 - $200,000
Source AMS Staffing Inc.
Showed 2022-08-17
Date 2022-08-16
Deadline 2022-10-15
Category Et cetera

Associate Director, Cyber Security & Compliance

Washington, District of Columbia, USA

Please send your resume in Word format if you are interested in this Associate Director of Information Security opening with our client in Washington, DC.

Title: Associate Director, Information Security and Compliance

Location: Washington DC (Hybrid Remote)

Duration: Perm/Full time

Compensation: $150-200K + Bonus + Excellent Benefits

Vaccination: Required

No visa sponsorship, transfer, or C2C is available for this client.

The Associate Director, Information Security will be part of the DIGITAL (Data, IT, Technology, Security and Analytics) leadership team, reporting to the CIO, and will be responsible for implementing and running the enterprise information security program. This role is critical to ensuring that information assets and the associated data, technology, applications, systems, infrastructure, and processes are secured and protected. The Associate Director, Information Security will lead a team of information security experts and will proactively work with all business units to implement practices, policies, infrastructure, and standards for information and cybersecurity.

Duties & Responsibilities

Set the Information Security Strategy:
  • Develop an enterprise-wide information security vision and strategy that aligns with and enables organizational priorities and mission, and secures employee and stakeholder buy-in
  • Develop, implement, and monitor a strategic and comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recoverability of information assets owned, controlled, or processed by the organization
  • Work effectively with business units to facilitate information security risk assessment and control management processes, and empower them to own and accept the level of risk appropriate to their specific risk appetite

Thought Leadership:
  • Collaboratively partner with business stakeholders to define requirements and build the right Information Security program.

Developing the Information Security Framework:
  • Develop and enhance an information security framework based on industry standards (e.g., the ISO/IEC 27000 series, ITIL, ENISA, ISA/IEC 62443, COBIT/Risk IT, CIS Controls, and the NIST Cybersecurity Framework)
  • Create and manage a unified, flexible, risk-based control framework that integrates and normalizes the wide variety of ever-changing requirements arising from US laws, standards, and regulations
  • Develop and maintain a framework of current information security policies, standards, and guidelines; oversee the approval and publication of these policies and practices
  • Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection of information assets
  • Establish a metrics and reporting framework that measures the efficiency and effectiveness of the program, supports appropriate resource allocation, and increases the maturity of information security; review it with stakeholders at the executive and employee levels

Operationalize Information Security Framework:
  • Create a risk-based process for the assessment and mitigation of information security risk across the organization
  • Ensure all information owned, collected, or controlled by or on behalf of the organization is processed and stored in accordance with applicable laws and other regulatory requirements, such as data privacy laws
  • Partner with the legal team to define and facilitate the processes for information security risk assessments and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
  • Ensure information security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines
  • Oversee technology dependencies outside of direct organizational control, including reviewing contracts and creating alternatives for managing risk
  • Manage information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
  • Develop and oversee effective disaster recovery policies and standards in partnership with the Admin Services team, aligned with the enterprise business continuity management (BCM) program
  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas
  • Facilitate and support the development of asset inventories, including information assets held in cloud services and by other parties in the organization's ecosystem

Team Leadership & Talent Development:
  • Build, lead, and retain a team of committed and innovative employees and managers through coaching, culture, trust, accountability, and empowerment.

Data Governance:
  • Support the Data Governance initiative. Data Governance requires orchestration of people, processes, and technology to plan, guide, implement, and monitor data strategies, policies, and standards, and will ensure effective usage, consistency, security, compliance, accuracy, and control of data

Required Skills
  • Excellent verbal and written communication skills
  • Proven leadership skills, both in direct management and in matrix environments
  • Excellent stakeholder management skills
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Effective communication, collaboration, and negotiation skills; ability to work effectively and efficiently in a fast-paced and dynamic environment in the context of scaling and accelerating growth and adapting to change

Required Experience
  • At least 10 years of progressive leadership experience in IT and information security
  • Should currently be at the Associate Director or Director level, leading an information security program at a for-profit or nonprofit organization
  • 8+ years of experience implementing information security programs for organizations using a mix of staff and contractors
  • Demonstrated experience in building and executing information security programs
  • Demonstrated knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, CIS, and NIST Cybersecurity Framework
  • Demonstrated knowledge of information security risk management and cybersecurity technologies
  • Ability to design and implement data governance practices
  • Master's or bachelor's degree from an accredited institution
  • Certifications preferred but not mandatory (cybersecurity training may be used in place of certifications): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other similar credentials
