Director of Global Information Security, Risk, Compliance and Privacy at CareerBuilder, 3445 Peachtree Rd NE, Atlanta, GA 30326

Date Posted: 11/17/2020

Job Description

US - CareerBuilder


Director of Global Information Security, Risk, Compliance and Privacy

The Director of Global Information Security, Risk, Compliance & Privacy is a business/technology executive responsible for leading a comprehensive security program and ensuring compliance. The successful candidate will oversee and coordinate CareerBuilder’s risk program as part of the security organization. This person provides expertise in compliance, IT audit, risk management, third-party vendor management, privacy, security training and awareness, policy management, monitoring, identifying and investigating security threats and incidents, information security metrics, data protection, software security, and oversight of the data protection program; monitors the effectiveness of the security risk management and third-party management functions; and constructs, implements, oversees and advises on enterprise-level fraud risk management. They will also assist with sales-related inquiries according to priorities.

The Director is accountable for maintaining, executing, and directing the cyber security, digital security, and data privacy initiatives across the organization to mitigate risk. The role is both tactical and strategic: it manages the reporting, investigation, and resolution of data security incidents, and it provides guidance and direction on best practices for protecting data and information and on ensuring compliance with regulations and privacy laws.


The Director will maintain and improve CareerBuilder’s holistic approach to governance, risk and compliance by applying and integrating industry best practices into CareerBuilder’s top-level business processes. The Director will develop and drive remediation for critical issues, leading process redesign where necessary, build formal networks with key decision makers, serve as an external spokesperson for the organization on security matters, and maintain the organization’s customer-facing information security documents.

Responsibilities

  • Maintains and improves a scalable, sustainable, and robust cyber risk management program, including governance, assessment, monitoring, and reporting procedures
  • Builds a cross-functional team of Security, Risk, Compliance and Privacy experts and matures the team's capabilities
  • Adopts defensive secure development practices to help the development and engineering teams build secure products and services
  • Leads ISRCM strategy, with a roadmap of key deliverables and timelines, and delivers consistently
  • Measures and maintains a security controls framework consisting of standards, measures, practices, and procedures that provides assurance of compliance with regulatory and industry requirements (NIST CSF and SP 800-53, ISO 27001, PCI DSS, GDPR, CCPA, SSAE 18, HITRUST and SOX)
  • Facilitates the fraud risk assessment to ensure comprehensive coverage of internal and external fraud, and adequate coverage of end-to-end processes that span multiple business lines
  • Tracks and validates existing fraud risk strategies and designs new proprietary fraud detection strategies
  • Partners with global teams to ensure cross-functional security needs are met, including Incident Response, Identity and Access Management, Threat and Vulnerability Management, and alerting and monitoring
  • Directly responsible for procedures and controls that assure compliance with applicable regulatory and legal requirements as well as good business practices, as part of a controls assurance program
  • Deploys and maintains an internal and external IT/security audit program
  • Oversees the formal risk analysis and self-assessment program for Information Services systems and processes
  • Deploys and maintains a third-party vendor security management program
  • Assists the sales organization in the pre-sales process with partners and customers
  • Assists in the design and measurement of privacy controls
  • Oversees the security policy, standards and policy exception management process; coordinates approvals and updates with the appropriate parties; involves relevant parties in security risk and compliance issues that span legal, compliance and regulatory requirements
  • Monitors the effectiveness of the security risk management and third-party management functions, including assessing the level and quality of service provided by professional services, including software security and security controls assessment services
  • Contributes expertise to help determine requirements and functional specifications for the entire organization
  • Manages, coaches, leads, and develops a staff of information security professionals
  • Plans and executes the global information security divisional budget
  • Improves and maintains CareerBuilder’s information security controls framework
  • Improves and maintains CareerBuilder’s information security compliance framework
  • Improves and maintains CareerBuilder’s information security risk framework
  • Maintains the security policy framework
  • Performs compliance-related activities, including attaining and maintaining certifications
  • Acts as a key member of the CISO staff and assists with other duties as required

The above statements represent a general outline of principal job functions and should not be construed as a complete description of all aspects and requirements inherent in this job.

Job Requirements:

Qualifications:

  • Demonstrated experience dealing with security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization
  • 7-10 years’ experience with privacy regulations (e.g. GDPR, HIPAA, CCPA, PIPEDA, etc.) and demonstrable experience interpreting and complying with such regulations in a complex business environment.
  • 7-10 years’ experience in IT or audit, including specialization in IT security and/or a combination of IT compliance, IT audit, and information security.
  • 7-10 years’ experience managing IT compliance programs and monitoring, with specific emphasis on NIST, ISO, HIPAA, PCI DSS and SSAE 18 related requirements.
  • Subject matter expertise with security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
  • Experience and expertise in the development, execution, and maintenance of HITRUST compliance or equivalent HIPAA Experience.
  • Bachelor’s degree in Computer/Information Science (or related BS degree).
  • Must be able to build and leverage internal and external relationships, facilitate decisions and results at all levels of the enterprise, and drive strategies and projects to solution.
  • Ability to manage a wide range of compliance issues relating to information security; coordinate remediation efforts throughout the enterprise; and analyze risks and implement mitigation actions.
  • Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • Knowledge of basic software programming paradigms and best practices inclusive of, but not limited to, Privacy by Design and OWASP.
  • General knowledge of hardware systems and architectures, both traditional data center and public-cloud.
  • Ability to relate regulatory or framework requirements to multiple parties including engineering staff of both hardware and software.
  • Experience in strategic planning, budgeting, consulting, and general industry experience.
  • Proficient ability to effectively utilize resources throughout the organization as well as external vendors.
  • Demonstrated effective leadership and communication skills.
  • Experience working in a team-oriented, collaborative environment.
  • Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
  • Holds, or is actively pursuing, one or more of the following certifications: CISM, CISA, CGEIT, CRISC, Project Management Professional (PMP) or other related certifications.

This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.


Benefits-We’re All About You! 

When you're focused on the goal, not the path – you can be more flexible, and that translates into more productive and satisfied employees. From flexible hours to volunteering during work hours to diverse education opportunities, CareerBuilder is committed to helping employees strike a balance. 

Here are just some benefits we offer:

  • Training that positions you to hit the ground running with ongoing learning and development courses; we never stop investing in our people.
  • Comprehensive Medical, Dental & Vision Programs
  • Education Reimbursement Program allowing up to $5K per year towards completion of a Bachelor’s or non-MBA graduate degree, and up to $10K per year towards completion of an MBA
  • Global Wellness initiatives to promote financial, mental and physical health and well-being
  • 401(k) Program with a two year vesting schedule, discretionary match, and an opportunity to make Pretax and Roth contributions

CareerBuilder, LLC is proud to be an Equal Opportunity Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, ancestry, marital or veteran status.

TSR ID: 001999