Director of Information Security – Program Management
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: As Director of Information Security, you will be a part of the team responsible for our enterprise security system, focused on areas such as design, engineering, and automation in pursuit of keeping Morningstar safe and secure. As a member of Information Security, you will help develop a culture where safety, security and resiliency are integrated into every facet of Morningstar. You will help us continually advocate, engineer, architect, train, identify, monitor, and automate security processes that help drive business activities in a secure manner. You'll collaborate with cross-functional teams to create innovative strategies and develop programs that drive sustainable effectiveness. This position is based in our Chicago office.
Responsibilities
+ Develops measures and monitors program performance against established objectives and achievement towards strategic goals, ensuring programs stay on time, in scope, and on budget
+ Proactively engage a diverse set of stakeholders to understand needs, prioritize, deliver, and iterate on the software delivery pipeline
+ Ensure software delivery pipeline integration into change, event, and incident processes from a security perspective
+ Work with internal clients, cross-functional partners and engineering teams to develop security technology strategies and solutions with a focus on scalable growth, automation, and optimal business outcomes.
+ Lead the continuous monitoring and protection of information processing resources
+ Develop and maintain an enterprise-wide information security training program for developers
+ Drive adoption of information security program standards throughout the organization
+ Advance the security-minded culture through advocacy
+ Drives the shared accountability for the delivery and ongoing management of secure applications
+ Develop automation patterns for application security, cloud, and security operations
+ Develop key automation and monitoring processes to ensure ongoing cyber hygiene
+ Lead threat modeling training and adoption throughout the organization
Requirements
+ 10+ years’ experience in an information security role
+ Excellent communication skills and a familiarity with common compliance and security frameworks (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
+ Strong organizational skills and the ability to multitask and switch priorities on short notice
+ Proven experience in governing IT security programs to properly manage and address program progress and results against strategic goals
+ Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
+ High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
+ Experience with a source control tool (Git, CodeCommit, etc.) and build/release tool (Jenkins, AWS Code*, uDeploy, etc.)
+ Working knowledge of build, release, and configuration management practices
+ Working knowledge of monitoring and cloud operations practices