Director, Data Security

Essential Function / major duties and responsibilities of the job 

Strategic 

• Provide strategic direction specific to data security management 

• Build and maintain a robust data security program while aligning closely with CLS's mission 

• Improve and manage the data security program and the company wide security standards for the management of information assets 

• Contribute to the overall security strategy in its annual iterations 

• Provide strong knowledge of building security into business expectations for the utilization and hosting of critical CLS data / information assets 

• Work with the Security Architects to build security into infrastructure and architecture designs and guide the implementation with the Operations team 

• Provide direction and advice on projects to strengthen the overall cybersecurity posture 

• Assess SaaS and IaaS cloud services and virtualization technologies and provide direction and input for the maturation of the Cloud Security Framework in respect to data classification 

• Enhance security programs in response to regulatory requirements, internal audit and planned strategic initiatives 

• Foster relationships with key functional teams such as IT, Compliance, Operations, Finance, HR, Internal Audit, and Enterprise Risk to support current and future initiatives. 

• Maintain timely understanding of CLS information assets, where they reside and how they are being utilized and hosted, continually review opportunities to improve the overall controls around data security 

• Keep informed of new and updated industry frameworks and regulations: GDPR,  ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI ISOCO and FFIEC handbook 

• Keep informed of new and emerging security threats & assess effectiveness of current controls to identify opportunities for program improvement 

• Translate relevant directives, guidance, and rules into actionable data for consumption by the CISO and wider security teams 

Operational 

• Communicate vulnerabilities risks and remediation methods to business owners, developers and technical teams 

• Perform security testing on data controls using dynamic and static analysis tools 

• Integrate the defined relevant security controls into data security program 

• Ensure the operational security teams have the appropriate tooling / capabilities and quality assurance for data security management 

• Create and deliver knowledge sharing presentations and documentation to security, developers and operations teams 

• Learn on the job and explore new technologies independently to identify new and emerging security threats 

• Coordinate and maintain security policies, guidelines and procedures which communicate security controls that reduce risk to levels consistent with CLS risk tolerance.  

• Prepare and deliver security briefings for consumption by CLS Security, CISO, Executive Management Committee, and the CLS Board of Directors. 

• Assure compliance with security controls to identify control gaps, develop remediation plans and determine residual risk 

• Improve security metrics program to report key performance and risk indicators, trend statistical data and publish management reports for Internal Audit, Regulatory Exams, Risk Committee and Board reporting. 

• Perform risk assessments of third-party vendors according to vendor criticality and vendor type to identify control gaps, develop remediation plans and determine residual risk 

• Perform risk assessments of applications according to application criticality and application type to identify control gaps, develop remediation plans and determine residual risk 

Leadership 

• Provide leadership across Security functions and beyond for all aspects of data security 

• Individual contributor 

• Mentor junior members of the team technically and professionally 

Experience / essential and desired for successful job performance 

• 5-8 years functional security expertise with broad understanding of competencies and the lifecycle of data security management  

• Experience developing or managing security programs preferably across several domains including metrics and reporting for program maturity and risk reduction 

• Experience and/or training on GDPR requirements and other data protection laws 

• Experience defining program roles and responsibilities, assessing / identifying knowledge gaps across teams and implementing required training plans  

• Ability to collaborate effectively with others to drive forward key security objectives 

• Strong documentation and report writing skills (to both technical and business audiences). 

• Excellent time management and organizational skills 

• Knowledge of policy frameworks and understanding of policies, procedures, guideline structure 

• Knowledge of firewalls, IPS, DLP, proxies, SEIM, & endpoint protection software 

Qualifications / certifications 

• B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent) 

• Security certifications such as CompTIA Security +, CISSP, CISA, CRISC, CCNA, GIAC, or equivalent or working towards certification is preferred  

• Knowledge of Risk Management life cycles based on an established framework: ISO 27001, SANS, NIST SP 800-53, CERT, ENISA.   

• Working knowledge of the following frameworks and regulations: ISO 27001/2, SANS Top 20 Critical Security Controls,  NIST CSF, and FFIEC handbook 

• An advanced degree would enhance the candidate’s credentials 

Success factors / ‘How’. Personal characteristics contributing to an individual’s ability to excel in the position 

• Possess a strong service-oriented mind set to consistently deliver balanced security solutions that include people, process and technology 

• Possess strong technical, analytical and problem solving skills 

• Self-motivated to exceed management expectations and objectives. 

• Ability to effectively communicate complex technical issues to both business and technical staff at all levels. 

• Strong collaboration skills to tackle complex security challenges that may span across multiple internal and external departments and groups 

• Able to effectively cope with change and comfortably handle risk and ambiguity, not upset when things are up in the air 

• Tenacious resolve and positive attitude in challenging situation 

#LI-JF1