Director, Information Security

• Work with an award-winning team that values YOU!
• Paid Childcare Reimbursements up to $10k/year
• Paid Tuition Assistance up to $5,250/year
• Generous Medical, Dental, Vision and RX
• Free Healthcare through Marathon Health
• Pet Insurance
• Up to 5% Match Retirement Plan
• Generous Paid Time Off Programs & MORE!

GENERAL SUMMARY

The Director, Information Security will be the primary person responsible for driving information security strategy as well as crafting policy, enforcement, and compliance with regulatory requirements regarding information security for the IAA. Their primary responsibility is to oversee the establishment, implementation, and management of comprehensive security programs to safeguard the IAA's information systems and data assets. The Director, Information Security will be expected to coordinate internally with IT teams to implement technical measures to accomplish strategic and policy objectives.

ESSENTIAL FUNCTIONS

• Develop and execute a strategic vision for information security aligned with the IAA’s objectives and regulatory requirements.
• Formulate and enforce information security policies, standards, and procedures to ensure compliance with relevant regulations and best practices.
• Identify, evaluate, and prioritize security risks and vulnerabilities and develop and implement strategies and policies to mitigate these risks effectively.
• Lead responses to security incidents or breaches and oversee investigations, containment, and recovery efforts. Coordinate with relevant teams within the IAA as well as external stakeholders both in containment/recovery efforts as well as to minimize damage and prevent future incidents.
• Manage a team of information security professionals, fostering a culture of communication, openness, diverse ideas, and security awareness.
• Collaborate across departments to integrate information security into non-technical areas of the IAA.
• Assess, select, and deploy security technologies and tools to protect against cyber threats. Stay up-to-date on emerging technologies and threats to ensure the continued effectiveness of information security measures.
• In concert with IAA Human Resources, develop and conduct training programs to educate employees about security best practices, ensuring a high level of compliance and awareness of typical vectors of attack.
• Regularly assess the effectiveness of security measures, staying updated on emergent threats, and adjusting policies, strategies, and measures accordingly.
• Lead the design and implementation of robust security architectures for IAA systems and networks, ensuring scalability and resilience.
• Evaluate and manage security risks associated with third-party vendors and business partners. Develop and implement strategies to ensure the security of shared data and resources.
• Oversee the selection, onboarding, and ongoing management of third-party security vendors and service providers, ensuring vendors align with IAA security standards and policies. Regularly assess vendor performance and establish clear communication channels to mitigate potential risks associated with outsourced security services.
• Serve as the point of contact for regulatory agencies regarding cybersecurity matters. Prepare and submit necessary reports and documentation to ensure compliance with relevant laws and regulations.
• Collaborate with relevant stakeholders to develop and maintain comprehensive business continuity and disaster recovery plans, ensuring the IAA’s ability to respond effectively to potential disruptions.
• Other duties as assigned.

MINIMUM REQUIREMENTS

Formal Education, Experience & Certification

• University Bachelor’s (required) or Master’s (preferred) degree in the field of computer science, IT, MIS, or related field preferred. Relevant certifications (CISSP, CISM, etc.) are highly desirable.
• Proven experience (10 years) in information security with a track record of leadership in designing and implementing successful security programs.
• Must have nothing in a background check that would prohibit the ability to obtain a Secret Security Clearance per TSA requirements.

Knowledge & Skills

• Strong leadership and managerial skills with the ability to lead, mentor, and inspire a team.
• Excellent communication and interpersonal abilities
• Capable of collaborating effectively across departments and levels of the organization.
• Strong analytical and problem-solving skills with a proactive and strategic mindset.
• Deep understanding of cybersecurity principles, technologies, and best practices
• Experience working in a switched, segmented, and routed multi-site environment.
• Knowledge of antivirus, spam, IDS, firewalls, content filtering, and other relevant network security monitoring tools.
• Operational understanding of PCI standards and requirements.
• Clear understanding of the organization’s goals and objectives.
• Knowledge of applicable data privacy practices and laws.

Personal Attributes

• Ability to conduct and direct research into IT issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to perform general mathematical calculations for the purpose of creating business cases, budgets, and so on.
• Highly self-motivated and directed.
• Attention to detail.
• Proven analytical, evaluative, and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Exceptional customer service orientation.
• Extensive experience working in a team-oriented, collaborative environment.
• Ability to conduct research into IT networking issues and products as required.

PHYSICAL REQUIREMENTS

• Ability to sit for extended periods of time.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
• Occasional squatting and bending for inspection of cables in floors and ceilings.
• Lifting and transporting of moderately heavy objects (30-40 pounds) in succession for period of time.

WORK ENVIRONMENT

• 40 -hour on-site work week plus on-call rotation.
• Exposure to high-stress situations.
• Multiple work sites.
• After hours work for IT maintenance windows will occasionally be required.