Security Engineer

• Report to the Senior Director, Information Technology and own/deliver the “Six P’s” (processes, people, portfolio, policy & architecture, performance management, projects)
• Establish governance and provide regular reporting on the cybersecurity program to enterprise risk teams and senior leaders
• Work with vendor management and procurement to include cybersecurity requirements in vendor contracts
• Direct creation of targeted cybersecurity awareness training programs and establish metrics to measure effectiveness
• Advise on the organization’s cyber risk posture and mandatory controls
• Lead the cybersecurity function across the company and determine operating model aligned with risk management
• Manage an effective cybersecurity organization (one direct report) and third-party relationships
• Develop a cybersecurity vision and strategic comprehensive program ensuring confidentiality, integrity, and availability of information assets
• Facilitate cybersecurity risk assessment and risk management with business units
• Enhance security posture by adopting frameworks (ITIL, COBIT/Risk IT, NIST Cybersecurity Framework)
• Develop and own cybersecurity policies, standards, and guidelines; oversee approval and publication
• Facilitate metrics and reporting frameworks for program effectiveness and review with executive and board stakeholders
• Coordinate development and implementation of incident response plans and procedures; provide direction, support, and in-house consulting during security events

Director, Information Security

Salary

Job Level

Tech Stack

About the role

Requirements

Senior Internal IT Auditor - Hybrid - Chicago, IL

Senior GRC Analyst

Cybersecurity Manager

Cybersecurity Technical Project Manager

Identity and Access Management Architect