This job has expired, please see additional jobs below
Executive Director, Information Security
Entertainment & Media Industry Company
Philadelphia, PA, United States
Job Details
Summary
Responsible for managing and overseeing the overall technology and product risk, compliance and governance management for all the business units under the Company Cable coverage. Oversees practices such as PCI, SOX and CPNI compliance management for the enterprise, and the governance and management of security policies, standards, and practices implemented across Cable, including communication and employee awareness, and supports overall Cable efforts to educate end users. Develops initiatives, security strategies, key goals, and activities integrating policies and guidelines aligned with Access Governance, Data Governance and Asset Governance for Cable. Defines the Information Security risk framework and remediation methodologies and processes for all technology groups across Cable and divisions. Collaborates extensively with Information Technology leaders and other related functions to ensure implementation and adoption of a metrics-driven approach to security and compliance (i.e. use of Security Self-Service (S3) enabled by an analytics tool) and implementation of standards for appropriate security checkpoints and encryption methods. Provides leadership and direction for diverse and complex functions, including initiatives to enable commercial services teams to sell security and compliance as a service (i.e. PCIaaS). Contributes to the development of the organization's business strategy. Interprets business strategy and develops organizational objectives to align with this strategy and GCISO teams. Collaborates with the Security Innovation Front on the Center for Security Innovation at UConn. Works in tandem with external affairs teams and lends support on the ever-changing cybersecurity policy landscape. A forward-thinking, hands-on technical, relationship-focused thought leader.
Proven skills in enterprise transformational problem solving by guiding business units through the 'strategy through execution' process from the initial strategy/design, to solution implementation and on-going managed operations. Company experience is necessary for this position given the use of specific tools and CRF roadmap.
Core Responsibilities
• Executive Leadership Debriefs: senior executive or Board-relevant debriefs of cybersecurity readiness, capability effectiveness, coverage, gaps, threats, impacts, and all risk management related efforts and plans to achieve desired cybersecurity maturity
• Provides thought leadership and direction for improving risk management and Information Security processes, selecting new technology, and technical problem resolution.
• M&A Cybersecurity Diligence: pre/post-acquisition diligence to assist in elevating cybersecurity capabilities to appropriate standards and integration/optimization of multiple combining security functions
• Security Analytics: consolidating siloed security data into Big Data to establish actionable metrics and analytics to identify risky behaviors and remediate effectively across the enterprise
• Security in the SDLC: integrating security throughout the SDLC to identify and resolve web application security weaknesses early and reduce the risk of successful hacker attacks in production
• Sensitive Data Protection: identify, desensitize, protect and monitor company-specific sensitive data that would have an adverse business impact if disclosed to the public
• Cloud Security: protecting data and services in the cloud
• Provide leadership to directors and Sr. directors overseeing various GRC functions, research, industry affairs, policy and business engagements.
• Facilitates communication between staff, management, vendors, Managed Service Providers, and other technology resources within the organization
• Reviews and presents strategic plans to deliver to the Information Systems teams.
• Directs the implementation of policies and procedures related to data security.
• Designs and implements risk assessments and remediation activities, awareness and training program rollouts as needed, to implement initiatives.
• Leads management responsible for receiving input from various divisions regarding Information Security policies, guidelines, strategic goals, risks, and risk tolerance thresholds, and communicates information to the Information Security team.
• Participates in departmental performance reviews. Builds, mentors, and motivates staff for optimal work performance.
• Represents department views and influences decisions on potential company security issues. Partners with other corporate functions and relevant business units to ensure that security needs are monitored and addressed as needed.
• Reviews and presents operating and capital budgets including forecasts of operations, development, testing, and any specialized needs to senior management.
• Consistent exercise of independent judgment and discretion in matters of significance.
• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
• Other duties and responsibilities as assigned.
Education Level - Bachelor's Degree or Equivalent
Years of Experience - Generally requires 14+ years related experience.
Certifications
• CISSP
• CISMA
Company is an EOE/Veterans/Disabled/LGBT employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex or any other legally protected category.