This job has expired, please see additional jobs below
Director Information Security Policy and Governance
Delhaize America
Salisbury, NC, United States
Description
Position Title: Director Information Security Policy and Governance
Position Location: US
Position Summary: Defines and provides leadership for information security-related risk and compliance management activities, including but not limited to data protection, legal, and regulatory compliance. Partners with other information security and technology teams to define and implement tools and processes that may have an impact on the companies’ information security posture (e.g., Identity and Access Management). Coordinates with global DG capability owners to incorporate enterprise solutions, strategies and programs.
Principal Duties and Responsibilities:
Privacy and Data:
• Drives data classification and protection requirements, partnering with data owners, legal, risk management and other relevant functions to protect sensitive enterprise data.
• Oversees compliance with internal policy and external regulatory requirements related to data protection as set by the Information Policy and Architecture principles.
• Maintains an understanding of industry, regulatory and business data protection requirements for all sensitive enterprise data classifications.
• Integrates with IT asset management functions to regularly update/maintain the universe of sensitive IT infrastructure and application environments.
Regulatory & Policy Compliance:
• Works with the Information Policy and Architecture team to develop compliance assessments.
• Oversees the execution of internal compliance assessment activities.
• Reports compliance posture to key IT, business and information security leadership groups and executives.
• Provides advisory services to strategic information security, technology and business initiatives throughout the SDLC process.
Risk Assessment/Analysis:
• Oversees and directs annual/periodic risk assessment activities alongside Information Policy and Architecture team standards.
• Tracks and monitors enterprise information security risk posture for inclusion with strategy decisions and the information security roadmap.
• Provides oversight of root cause and remediation activities for information security issues, audit findings and observations.
• Participates in incident response activities and investigations where needed.
• Responsible for managing assigned staff. Responsible for hiring, training, and developing associates. Manages performance through performance planning, coaching, appraisal and disciplinary efforts. Communicates company and departmental policies to associates. Communicates and administers/enforces company safety practices and procedures.
Requirements
Basic Qualifications:
• Bachelor's degree or equivalent.
• Minimum 10 years' experience in information security strategy and governance, audit and assessment, incident response, vulnerability management, and compliance.
• Broad understanding of Information Security trends, services and disciplines.
• Strong understanding of Information Security industry standards/best practices (e.g., NIST, PCI, ISO).
• Strong understanding of Information Security related laws and regulations (e.g., GLBA, EU Data Directive).
• Strong subject matter expertise in related information security technologies.
• Proven leader with excellent communication skills and ability to interface with all levels of the enterprise.