Senior Director, Information Security
The Sr. Director has global responsibility for all of FTD Company's Information Security related compliance efforts, including PCI, access controls for SOX, protecting Personal Data, privacy and data protection regulations, and consistency with the FTC Red Flag rules on identity theft. You will report directly to the Chief Technology Officer.
We are seeking a strong leader with the expertise and deep knowledge to develop and implement a comprehensive, enterprise-wide I.S. strategy. You will be responsible for the development of our program, the I.S. strategy for our products, and the tactical activities to promote information security as a core value internally and externally.
Your responsibilities in this position are for the design, oversight, and ongoing management of the Info Security program. That will include the policies, procedures, technical systems, and workforce training in order to maintain the security, integrity, and readiness of data within all FTD Companies Brands. You will address electronic systems architecture and functionality as it affects the safeguards of protected business information assets. You will support information security and privacy requirements; maintenance of confidentiality, integrity, and availability of data as the necessary programs integrate; development and maintenance of security policies and procedures including management of security risk assessments, the program budget, security complaints and incident activity, and enforcement; workforce security training and awareness; and application of industry standards and standard methodologies.
You will manage security across a widely dispersed workforce with a variety of information media. You will have the capability to serve as a security resource to all levels including executive management, department employees, business associates, and external bodies such as state agencies.
Essential Duties and Responsibilities:
- Work closely with the technology teams to ensure systems are secure upon implementation; includes personal computing devices and storage.
- Lead the work to craft required quarterly reporting, including external and internal vulnerability scans, wireless scans, and access control documentation. Work with others in IT and Internal Audit to ensure compliance for security and other regulatory measures.
- Provide oversight and governance on the Information security requirements for external vendors, including cloud-based ones.
- Track to defined SLAs, provide reporting against those SLAs, and lead periodic testing of FTD's Security Incident Response plan.
- Provide leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security.
- Recognize problems by identifying abnormalities, report violations appropriately, and address complicated issues that IT Service Center technicians cannot resolve.
- Liaise with and offer strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- You form a "center of excellence" for information security management, for example offering internal management consultancy advice and practical assistance on info security risk and control matters organization-wide and promoting the commercial advantages of managing information security risks more efficiently and effectively.
- You lead the preparation of necessary information security policies, standards, procedures, and guidelines, in conjunction with the Security Committee and present information to executive leadership.
- You shall lead the design and operation of related compliance monitoring and improvement activities, ensuring compliance both with internal security policies etc. and with applicable regulations and laws.
- You'll lead suitable information security awareness, training, and educational activities, such as training for the company and training on secure coding methodologies such as OWASP for the application development teams.
- You lead and participate in the company's disaster recovery and business continuity program and lead IT risk assessment activities.
- You will review technology contracts to ensure that data and network security aspects are properly addressed.
- You review system and application specifications and make recommendations for security improvements.
Other things may come up. We ask you to help us perform those tasks as they happen to increase your skill set as an amazing human being. We encourage you to identify new opportunities to innovate within a culture of complete transformation.
Knowledge, Skills, and Abilities:
We seek a leader with a Bachelor of Science degree in Information Systems, Computer Science or related field. You need 7+ years of experience in Info Security management and/or related functions (IT audit and IT Risk Management). Additionally, you need 5+ years of experience with complex system environments (e.g. directory services, email, VPNs, heterogeneous desktop and mobile operating systems, Windows 7, Outlook 2003/2010, Blackberry, iPhone, and iPad/mobile devices).
- We need someone with current knowledge of federal and state privacy and security laws and regulations, such as GDPR, Privacy Shield, and The California Consumer Privacy Act of 2018.
- We want you to have any of the following Information Security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA); other similar credentials are helpful.
- We need leadership qualities with knowledge of technical infrastructure security components and integrate computerized rules-based systems.
- We want someone with experience with Wi-Fi, Enterprise Anti-Virus solutions, software distribution tools, and problem tracking software.
- We desire you to be well versed in PCI DSS compliance, ISO 27001 and 27002 standards, and the Cloud Security Alliance Cloud Controls Matrix.
- You'll manage CAPEX and OPEX budget planning to support security strategy.
- Keep up to date on new and evolving security technologies and services available in the market and on cybersecurity threat trends and intelligence.
Come join our team and be part of an exciting transformation. This position will be based in Downers Grove, Illinois. Consider joining one of the few companies outside of Silicon Valley able to offer development of a high-traffic e-commerce platform receiving upwards of 40K customer purchases an hour.