What are the responsibilities and job description for the Director of Security & GRC position at CliftonLarsonAllen?
At CLA we create inspired careers.
CLA, one of the nation’s largest public accounting and professional services firms, is currently seeking a Director of Security & GRC to join our growing team.
Summary
The Director of Security & GRC provides focused leadership in the areas of Security, Governance, Risk, & Compliance. This includes keeping the firm and our clients safe from internal and external threats including both Information Security and Litigation threats. It also includes the strategic design and management of compliance operations for all pertinent data security and privacy regulations.
Essential Job Functions
- Provide ownership and strategic thought leadership for all aspects and functions of the Security and GRC teams.
- Build and lead a high-performing information security team, including hiring, training, coaching, and mentoring staff.
- Manage the strategic direction of the CLA Security Services organization, both internal and external, consisting of Security Operations, Cyber Security, Network Security, Application Security, Physical Security, and Identity.
- Develop business-relevant metrics to measure the efficiency and effectiveness of the Security & GRC programs, facilitate appropriate resource allocation and increase the overall maturity of these programs.
- Oversee security incident response and recovery activities, including investigation, containment, mitigation, and reporting of security incidents.
- Work with CLA executives and stakeholders to integrate security into the organization's overall business strategy and operations.
- Manage the organization's security budget and ensure that appropriate resources are allocated to support the security & GRC programs.
- Conduct risk assessments and vulnerability testing to identify potential threats and vulnerabilities to the organization's information assets.
- Provide subject matter expertise to IT Leadership on a broad range of information security standards and leading achievable practices, such as ISO, SOX, GDPR, HIPAA.
- Deliver strategic design and operations surrounding the following services: litigation response, records and information management, risk management and data security.
- Deliver a firm-wide security awareness and education program, administer the 3rd party risk assessment program, provide security assurance to CLA clients, and deliver compliance operations.
- Develop, implement, and monitor a strategic, comprehensive enterprise information security management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by CLA.
- Stay up to date with emerging threats and technologies in the field of information security and ensure that the organization's security program evolves to meet new challenges.
Requirements
Experience
10 years’ experience in Security, Governance, Risk, and Compliance. 6 years’ experience in a Leadership role.
Education
Bachelor's Degree required. Associate degree plus five years of related technical experience acceptable in lieu of Bachelor’s Degree.
Certifications / Licenses
CompTIA Security+, SANS GIAC, CISSP, or other standard security certification preferred.
Equal Opportunity Employer/AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.
Wellness at CLA
To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
To view a complete list of benefits click here.