Description
PURPOSE
As the Information Technology Security Director, you will be responsible for the strategic development, implementation, and continuous improvement of the organization's IT security program. You will lead efforts to safeguard company data, systems, and networks from cyber threats by establishing robust security frameworks, integrating cutting-edge security technologies, and ensuring compliance with industry regulations. This position requires a visionary leader with a deep understanding of IT security, proactive risk management, and the ability to collaborate across teams to ensure the highest levels of security resilience.
ROLE AND RESPONSIBILITIES
- Strategic Leadership: Develop and drive the organization's comprehensive IT security strategy, ensuring it aligns with business objectives and protects critical assets against evolving cyber threats.
- Security Framework Design & Implementation: Architect, implement, and maintain a multi-layered security posture, leveraging advanced security tools, software, and best practices to protect sensitive data and IT infrastructure.
- Proactive Risk Management: Lead regular risk assessments, vulnerability testing, and penetration testing to identify and address potential threats. Formulate and execute mitigation strategies to reduce security risks and vulnerabilities.
- Incident Response & Investigation: Monitor security events and incidents, providing swift analysis, containment, and remediation. Lead investigations into security breaches and implement corrective measures to prevent recurrence.
- Continuous Improvement & Threat Intelligence: Stay ahead of emerging threats, vulnerabilities, and industry trends, and ensure that security protocols and technologies remain up-to-date and effective against evolving cyber risks.
- Cross-Functional Collaboration: Partner with departments across the organization to ensure security is seamlessly integrated into system designs, application development, and technology infrastructure.
- Security Awareness & Culture: Design and lead employee training initiatives to foster a security-conscious culture, ensuring that all employees adhere to the organization's security best practices and policies.
- Vendor & Third-Party Risk Management: Manage relationships with external vendors, contractors, and partners to ensure they comply with organizational security standards and best practices.
- Regulatory Compliance & Standards: Ensure the organization remains compliant with relevant regulatory requirements, including GDPR, HIPAA, and industry standards such as ISO 27001. Maintain audit-ready security documentation and reporting.
- Executive Reporting & Metrics: Prepare and present detailed security reports to senior leadership, providing strategic insights, metrics, and actionable recommendations to improve the organization's security posture.
PREFERRED SKILLS, QUALIFICATIONS AND EDUCATION REQUIREMENTS
- Proven experience in IT Security or Networking with a demonstrated track record of leadership in security operations.
- Advanced knowledge of IT security frameworks, best practices, and regulatory requirements, with a strong understanding of threat landscapes.
- Expertise in secure design and architecture for network, systems, and applications, with a focus on scalability and resilience.
- Proficient in deploying and managing security technologies such as Firewalls, VPNs, IDS/IPS, DLP, encryption, antivirus software, and endpoint protection solutions.
- Strong analytical and problem-solving abilities, with a proven ability to proactively identify and mitigate security risks and incidents.
- Excellent communication skills, capable of articulating complex security concepts to both technical and non-technical stakeholders at all levels of the organization.
- Experience conducting vulnerability assessments, penetration testing, and developing remediation plans to address identified risks.
- Solid understanding of cloud security principles, with hands-on experience securing public and hybrid cloud environments.
- Ability to lead teams through complex projects and initiatives, providing mentorship and strategic direction in IT security initiatives.
- Proven track record of managing third-party vendors and service providers to ensure the secure implementation and operation of outsourced security solutions.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; or equivalent work experience.
- Relevant certifications such as CISSP, CISM, CISA, or equivalent are preferred.
- Proven experience in IT leadership roles, with a focus on managing and executing enterprise-level security programs.
- Knowledge of global regulatory standards, including GDPR, HIPAA, PCI DSS, and frameworks such as NIST and ISO 27001.
- Strong organizational skills with the ability to lead multiple projects within a defined timeframe, scope, and budget.
ADDITIONAL NOTES
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)