Senior Director, Information Security in 200 N. LaSalle St, Chicago, IL 60601 at CareerBuilder

Date Posted: 3/22/2024

Job Snapshot

Job Description

Office Locations: Bangalore, India and Noida, India 

Job Title:                                             Senior Director, Information Security          

Department:                                        Information Security

Supervisor’s Title:                             Chief Technology Officer

City:                                                    Noida

Country:                                             India

Pay Type:                                           Full Time / Permanent

Date Last Edited:                               February 2024

 

Summary of the Job:

Reporting to the Chief Information Security Officer, the Director of Global Information Security, Risk, Compliance & Privacy is a business/technology executive who will be responsible for providing leadership in a comprehensive Security program and ensuring compliance. The successful candidate will oversee and coordinate CareerBuilder’s Risk program as part of the security organization. This person is responsible for providing expertise in the areas of compliance, IT audit, risk management, third-party vendor management, privacy, security training and awareness, policy management, monitoring, identifying and investigating security threats and incidents, information security metrics, data protection, software security, oversight of the data protection program, and monitoring the effectiveness of the security risk management and third-party management functions, as well as constructing, implementation, oversight and advisory activities at an enterprise level for fraud risk management. They will also assist with sales-related inquiries according to priorities.

 

The Director is accountable for establishing, executing, and directing the cyber security, digital security, and data privacy initiatives across the organization to mitigate risk. This role is both tactical and strategic. It is responsible for managing the reporting, investigation, and resolution of data security incidents. In addition, the role provides guidance and direction on best practices for the protection of data and information and ensuring compliance with regulations and privacy laws.

 

The Director will design and maintain a holistic approach to governance risk and compliance by applying and integrating industry best practices into the top-level business processes at CareerBuilder. IT will develop and drive remediation for critical issues by leading process redesign where necessary. It will also create formal networks with key decision-makers and serve as an external spokesperson for the organization on matters related to security and maintaining overall information security customer-facing documents.

 

Essential Responsibilities:

  • Build and maintain a scalable, sustainable, and robust cyber risk management program including governance, assessment, monitoring, and reporting procedures
  • Build a cross-functional team of Security, Risk Compliance & Privacy experts and mature the team's capabilities.
  • Adopt defensive secure development practices to help the development and engineering teams build secure products and services.
  • Defines an ISRCM strategy, with a roadmap of key deliverables and timelines, and delivers consistently
  • Develop, measure, and maintain a security controls framework that consists of standards, measures, practices, and procedures that assure compliance to regulatory requirements (NIST CSF & 800-53, ISO 27001, PCI, GDPR, CCPA, SSAE18, Hitrust and SOX)
  • Develops and facilitates the fraud risk assessment to ensure(s) comprehensive coverage of internal and external fraud as well as ensures adequacy of coverage for end-to-end processes that span multiple business lines
  • Tracks and validates existing fraud risk strategies and designs new proprietary fraud detection strategies
  • Responsible for partnering with global teams to ensure successful cross-functional Security needs are met including Incident Response, Identity and Access Management, Threat and Vulnerability Management and alerting and monitoring
  • Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices as part of a controls assurance program
  • Develops, deploys, and maintains an internal and external IT/Security audit program
  • Establishes and oversees the formal risk analysis and self-assessment program for various Information Services systems and processes
  • Develops, deploys, and maintains a 3rd party vendor security management program
  • Assists the sales organization in the pre-sales process with partners and customers
  • Assists in the design and measurement of privacy controls
  • Oversees the security policy, standards and policy exceptions management process, coordinates approval, and updates with appropriate parties. Involves relevant parties for security risk and compliance issues that span legal, compliance and regulatory requirements.
  • Monitors the effectiveness of the security risk management and third-party management functions, including assessing the level and quality of service provided by professional services, including software security and security controls assessment services.
  • Contributes expertise to help determine requirements and functional specifications for the entire organization
  • Manages, coaches, leads, and develops a staff of Information Security professionals
  • Plan and execute the global information security divisional budget
  • Designs and maintains the CareerBuilder’s information security controls framework
  • Designs and maintains the CareerBuilder’s information security compliance framework
  • Designs and maintains the CareerBuilder information security risk framework
  • Maintains security policy framework
  • Performs compliance-related activities including attaining and maintaining certifications
  • Acts as a key member of the CISO staff and assists with other duties as required

The above statements represent a general outline of principal job functions and should be not be construed as a complete description of all aspects and requirements inherent in this job.

Job Requirements:

Required Knowledge and Skills:

  • Demonstrated experience dealing with security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization
  • 7-10 years experience in privacy regulations (e.g. GDPR, HIPAA, CCPA, PIPEDA etc) and demonstrable experience in the interpretation of and compliance with such regulations in a complex business environment.
  • 7-10 years in IT, or Audit, including specialization in IT Security and/or a combination of IT Compliance, IT Audit, and Information Security
  • 7-10 years experience managing IT Compliance programs and monitoring, with specific emphasis on NIST/ ISO/ HIPAA/PCI/ SSAE-18 related requirements.
  • Subject matter expertise with security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
  • Experience and expertise in the development, execution, and maintenance of HITRUST compliance or equivalent HIPAA Experience.
  • Bachelor’s degree in Computer/Information Science (or related BS degree).
  • Must be able to build and leverage internal and external relationships, facilitate decisions and results at all levels of the enterprise, and drive strategies and projects to solutions.
  • Be able to manage a wide range of compliance issues relating to information security; coordinate remediation efforts throughout the enterprise, analyze risks and implement mitigation actions;
  • Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • Knowledge of basic software programming paradigms and best practices inclusive of, but not limited to, Privacy by Design and OWASP.
  • General knowledge of hardware systems and architectures, both traditional data centres and public cloud.
  • Ability to relate regulatory or framework requirements to multiple parties including engineering staff of both hardware and software.
  • Experience in strategic planning, budgeting, consulting, and general industry experience.
  • Proficient ability to effectively utilize resources throughout the organization as well as external vendors.
  • Demonstrated effective leadership and communication skills.
  • Experience working in a team-oriented, collaborative environment.
  • Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
  • Obtained or demonstrated an active pursuit of one or more of the following certifications: CISM, CISA, CGEIT, CRISC certifications, Project Management Professional (PMP) or other related certifications.

This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.

 

Education:

Bachelor’s or Master’s Degree in related courses.

 

Minimum Years of Experience:

7 - 10 years of experience in software application support or service organization

Benefits and Perks

Connecting people with meaningful work is one of the most important things anyone can do – which means we need to support the employees who make that possible. CareerBuilder’s team enjoys a host of perks and benefits, including: 

  • Group Health Insurance – Acko General
  • Group Personal Accidental Insurance – Acko General
  • Group Term Life Insurance – Tata Aia Life Insurance
  • Retirement Plan – Provident Fund
  • Retirement Plan – Group Gratuity Plan (Ggp)
  • Time off
    • Holidays
    • Casual Leaves
    • Sick Leaves
    • Maternity Leave
    • Paternity Leave
    • Compassionate Leave
  • Employee Referral Program
  • Remote Flexibility
  • Rewards & Recognition Program
  • Virtual Employee Events

TSR ID: 002854

CHECK OUT OUR SIMILAR JOBS

  1. IT Jobs
  2. IT Manager Jobs