Director, IT Security, Risk and Compliance - Watsonville

General Summary

This position is responsible for the Company’s Information Technology (IT) Security, Risk and Compliance (SRC) program to ensure that the IT systems, technology projects, and information assets are adequately protected to meet the company’s General Business Principles, IT Directives and IT Security & Compliance requirements.

Essential Job Accountabilities

  1. Create and implement the company’s IT SRC strategy, in conjunction with the CIO leadership team and senior executives, to ensure it fulfils the mission and strategic goals of the company, and the IT department, while complying with internal/external regulations and accreditation standards
  2. Partner with the executive team, business organizations, IT organization and other decision makers to establish acceptable levels of residual risk and ensure compliance to internal, external and regulatory requirements
  3. Create, implement and manage the IT Security Methodology and Business Impact Analysis program to ensure compliance to internal, external and regulatory requirements
  4. Establish a structural IT SRC monitoring and control environment, which identifies and implements corrective action (where appropriate) including mitigation plans that optimally balance potential impact and probability vs. mitigation effort to ensure early detection and management
  5. Prepare and disseminate a risk based prioritized plan for conducting further compliance and security assessments/requirements to ensure security, audit and other compliance
  6. Communicate with IT Management, audit committee, executive committees and relevant partners, providing information and updates around directives, policies and standards for all areas of IT SRC to ensure IT risks are properly managed and disclosed.
  7. Partner with the Training and OD department in organizing the change management, education and training of all business units/departments (including Executive Management and User Communities), IT management and staff/users on the IT Risk Management Program (RMP) to clarify their respective responsibilities in carrying out and complying with the program.
  8. Partner with key business and IT managers in the implementation of the IT RMP to ensure support of and overall compliance with the IT RMP
  9. Implement processes and procedures, including oversight and operational accountabilities, to ensure implementation and management of various technology compliance needs (e.g. SOX, FISMA, etc.)

Education

  • Bachelor’s Degree in Information Systems, Computer Science, Engineering or related field required
  • Masters in Systems Management, Information Technology or equivalent preferred

Work Experience

  • 10+ years progressive IT experience
  • 5+ years IT Leadership & Management experience
  • 8+ years of experience with common Information Security Management frameworks, such as International Standards Organization (ISO) 17799/27001, the IT Infrastructure Library (ITIL), the Federal Information Security Management Act (FISMA) and Control Objectives for Information and Related Technology (CobiT), as well as Capability Maturity Model Integration (CMMI) and Six Sigma.

Knowledge, skills, and abilities

  • This job description reflects essential functions of this position. It does not restrict management’s right to reassign duties and responsibilities to this job at any time.
  • Thorough understanding of the impact of compliance domains on technology, systems and landscape, including Oracle JDE and core financial systems
  • Strong knowledge of applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act
  • Ability to properly handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
  • In-depth knowledge and understanding of information security concepts, protocols, industry best practices and strategies, along with information risk concepts/principles as a means of relating business needs to security controls
  • Thorough understanding of and experience developing policies, procedures, standards and guidelines
  • Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from business unit/department managers
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies
  • Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and non-technical audiences
  • Strong project management skills, and experience in creating and managing project plans, including budgeting and resource allocation
  • Superior analytical and problem-solving skills, with demonstrated ability to provide creative solutions to real-time challenges
  • Strong interpersonal and collaborative skills and ability to interface effectively with all levels of stakeholders
  • Proven experience working with legal, audit and compliance staff
  • Ability to work in a high-production environment and respond quickly and effectively under pressure and deadlines
  • High degree of initiative, dependability and ability to work with little supervision
  • Sound decision making ability, with the experience to balance consensus against authority as appropriate
  • Team player, with strong leadership skills, who can operate effectively within a matrix management environment
  • Demonstrated proficiency in MS Office products (Word, Excel, PowerPoint, etc.)

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is regularly required to talk and hear. The employee frequently is required to stand, walk, sit and use hands to operate a computer keyboard. The employee is occasionally required to reach with hands and arms. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, and ability to adjust focus. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Additional Requirements/Skills

  • Comply, understand, and support corporate safety initiatives to ensure a safe work environment
  • Ability and willingness to abide by the company’s Code of Conduct on a daily basis
  • Valid driver’s license and ability to drive
  • Occasional travel, some overnight

To apply, email maiello@newportsearch.com