Job Description

SilkRoad Technology is the world's leader in strategic onboarding for global workforce readiness and transformation. We help organizations prepare their people for change by designing intentional, personalized journeys to increase retention and maximize agility throughout their careers. SilkRoad combines our leading strategic onboarding capabilities with world-class consulting services to deliver highly scalable, personalized experiences that engage employees and drive long-term business performance such as productivity, profitability, growth and agility.

Our Information Security team is seeking a Director of Information Security to be an integral part of the team responsible for ensuring the security of SilkRoad's data as well as our customer's data. This role is responsible for determining enterprise information security policy and strategy and oversees the development, implementation, and enforcement of information security standards and procedures.

Your contributions to SilkRoad will include: 

• Leading, sustaining, and developing experienced teams accountable for information policy, compliance, standards and controls, policy and risk governance, information and technology risk assessment, client privacy, disaster recovery, cyber-defense, incident response, and identity and access management.
• Coordinating the delivery of security audits, vulnerability assessments, and penetration tests.
• Overseeing all Information Security team to manage ongoing security initiatives, assessments and audits.
• Providing information security expertise to the organization by recommending information security initiatives, which mitigate risks, strengthen defenses, and reduce vulnerabilities.
• Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the security program.
• Leading programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.
• Reviewing investigations after breaches or incidents, including impact analysis and recommendation for avoiding similar vulnerabilities.
• Reviewing third party vendors and contracts to ensure appropriate controls are in place and working effectively.
• Enhancing the competitive position of the organization by supporting and implementing new security and compliance-related products and services.
• Leading and facilitating information security governance topics, status and advice, including active involvement of and/or leading committees.
• Cultivating and building collaborative working relationships with a broad range of enterprise stakeholders.
• Serving as the corporate focal point for security incident response planning, execution, and awareness.
• Briefing the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.
• Acting as the liaison with external agencies, such as regulators, industry groups, and law enforcement and other as necessary.
• Understanding current and proposed legal and regulatory data privacy requirements that apply to the organization or its customers such as GDPR, CCPA, foreign cybersecurity regulations, the HIPAA security rule, and various other federal/state notification laws.
• Representing organizational risk, provide thought leadership in industry and cybersecurity forums, and participate in relevant seminars, forums and committees.
• Building and enhancing business relationships between our clients and the technical teams of SilkRoad Technology.
• Leveraging executive level expertise to provide strategic security advice as a trusted security advisor to existing and prospect clientele.
• Partnering with Sales and Marketing to meet and exceed services revenue quotas through business development activities.
• Identifying pre-engagement requirements (goals, budgeting, timing, etc.) and assist with the request for proposal creation.
• Liaising between the Sales and Service delivery organizations within SilkRoad Technology's Security
• Assisting sales in understanding CISO personas, current industry and market issues/trends and assist in positioning SilkRoad Technology's security solutions to security executives.
• Providing billable executive sponsorship and delivery of client-facing projects.
• Being an industry spokesperson in front of both small and larger audiences (such as roundtable events or conferences) and contribute to thought leadership related to practice domain.

Required Skills

• Expertise knowledge of current and emerging information technology industry trends and directions including common information security management frameworks, such as GDPR, CCPA, FISMA, SOC, NIST 800-53 & CSF, FIPS, HIPPA, HITRUST, ISO/IEC 27001, ITIL, CSA CAIQ, and COBIT.
• Exceptional leadership, managerial and administrative skills.
• Ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business including Professional Services, Sales, Datacenter Operations and other executive stakeholders.
• Ability to effectively lead change and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Sound judgment and ability to effectively balance information risk controls with business productivity and growth.
• Ability to communicate technical information to diverse audiences that include senior management including current and emerging digital security trends and directions.
• Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
• Excellent verbal and written communication skills as well as strong analytical and problem-solving skills and operate with minimal supervision.
• Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences. 
• Ability to pass extensive background check, and ongoing background checks.
• Proficient with computer software and MS Office applications, including Word, PowerPoint and Excel.

Required Experience

• Master's degree in Computer Science, Information Systems, a related field, or equivalent work experience (15 Years+), is required.
• Minimum of 10 years of IT Security experience.
• Expertise knowledge of current and emerging information technology industry trends and directions including common information security management frameworks, such as GDPR, CCPA, FISMA, SOC, NIST 800-53 & CSF, FIPS, HIPPA, HITRUST, ISO/IEC 27001, ITIL, CSA CAIQ, and COBIT.
• At least two of the leading industry certifications such as: C|CISO, CISSP, CISM, and/or CRISC.