Director of Information Security
SMS Assist Summary
At SMS Assist, we’re not just in the business of fixing properties—we’re fixing an entire industry. Typically, facilities maintenance is tough work—both in the nature of the job (plumbing, HVAC, snow removal) and the lack of clarity throughout the experience. We decided a better way wasn’t only possible, but essential. Through our award-winning technology platform, built and powered by SMSers, we connect local contractors to our customers and help manage an experience that surpasses expectations.
Recognized on Forbes’ Cloud 100 list, Deloitte’s Technology Fast 500, Chicago Crain’s Top Tech Employers, and more, SMS Assist manages more than 186,000 properties where people live and work. Our customers’ livelihoods are in our hands—think a restaurant manager whose only fryer goes down on a busy Friday night or a family in Florida without power after a hurricane. We work across the industries that make up your community, including retail, food service, banking, residential, and more, and we help them find the right provider in our network (we call them Affiliates) in more than 45 trades.
We’re innovators, disruptors, and out-of-the-box thinkers. We set each other up for success in the office and for the perfect spike on the volleyball court during an intramural game. We’re community volunteers, karaoke partners, and lifelong friends. We’re passionate about the people we serve, and we give our all because we care. We want to make every property better, and we want your help to make it happen.
Summary
The Director of Information Security will be responsible for creating and executing strategies to ensure overall security of company systems. This role will collaborate with multiple departments, such as ITS, Product, Development, Legal, and Human Resources, to determine proper protocols, policies, audits, and training programs to meet the company’s goals. This strategic and tactical position reports to the General Counsel.
Responsibilities
- Serve as the cybersecurity risk and information security subject matter expert for the company
- Lead the company’s information security strategy and implementation to create a competitive advantage and be our customer-facing “security expert”
- Work with Product, Development, and Infrastructure to assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
- Develop, enhance, implement, and monitor a strategic, comprehensive enterprise information security and cyber risk management program
- Ensure policies, procedures and protocols are being executed and amend, as necessary, to adhere to the latest legal protocols for information governance, security, and privacy mandates
- Work directly with the business units to facilitate risk assessment and risk management processes and ensure policies, procedures and protocols are being executed
- Participate in deployment of security technologies and program enhancements and ensure that resources are allocated correctly and efficiently
- Continuously monitor the changing threat landscape of cybersecurity threats and vulnerabilities and appropriately respond to them
- Develop strategies to handle security incidents and work with stakeholders to maintain a robust incident response plan, in conjunction with the company’s DR/BCP
- Lead the identification, reporting, and response to information security incidents and coordinate security investigations and/or recommended courses of action
- Provide leadership, training and guidance to staff members and develop education programs on user awareness and security compliance for internal and external stakeholders
- Partner with business stakeholders across the company to raise awareness of risk management concerns and develop mitigation strategies
- Oversee audits of systems, including SOC 1 & 2 certification processes and other security certifications/assessments, and perform deep-dive analyses to address vulnerabilities and threat assessments
- Assist in preparing financial forecasts and budgets for security operations and manage outsourced IT support providers
- Develop metrics for measuring and improving the effectiveness of the overall information security plan and report them to the applicable executive management team members
- Prepare technical reports and business presentations for executive management and other stakeholders
- Perform ad-hoc projects and other duties as assigned
Professional Skills
These are the professional skills we would expect from an individual fully established in this role.
- Customer Service - Advanced
- Verbal Communication - Advanced
- Written Communication - Advanced
- Teamwork - Advanced
- Relationships - Advanced
- Negotiation - Advanced
- Organizational Awareness - Advanced
- Learning Agility - Expert
- Analysis - Expert
- Problem Solving - Expert
- Process Orientation - Expert
- Prioritization - Expert
Role Specific Skills
- Knowledge of Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment
- Experience with cryptography, ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies
- Experience securing and navigating cloud platforms, such as AWS (Amazon Web Services), Azure, or GCP (Google Cloud Compute)
- Knowledge of common operating systems (e.g. Windows, Linux, etc.), endpoint security principles, networking services and protocols; understanding of security technologies (IDS, firewalls, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level
- Computer Skills: Advanced proficiencies in Microsoft Word, Excel, PowerPoint, Outlook required
People Management Skills
- Proficient in all people management processes, including recruitment, performance management and reward
- Proficient in building, growing and developing a team; including department structure design and resourcing
- Proficient in coaching and developing individual team members to reach their potential
- Proficient in engaging multiple teams through communication, processes, personal impact and influence
Qualifications
Minimum Qualifications
- Bachelor’s degree required
- Master’s Degree preferred
- 5+ years of experience in IT security
- 3 years of management experience preferred
Other Relevant Qualifications
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification required