The Director of Security is responsible to maintain a secure and compliant security program. This is achieved through the day to day management and oversight of all security programs and controls. This role is also responsible to ensure all security programs are efficiently utilized, the cost to perate and support the programs align with business expectations, and that all regulatory and compliance requirements are met (to include, but not limited to FFIEC, FDIC, PCI-DSS, federal and state security and compliance regulations, etc…).
- Development of information security policies, standards and procedures. Work with key IT representatives, data owners and governance teams in their development. Ensure they support compliance with external requirements.
- Disseminate security policies, standards and procedures.
- Develop and administer system and information ownership; information and data classification guidelines; access control and recertification procedures; standards and procedures.
- Develop and administer an enterprise wide records management and records destruction program.
- Be responsible for the protection of assets and information which are transferred between, processed by or stored in computerized information systems.
- Manage the day to day operations of all security controls ensuring the availability, integrity and confidentiality of the network, systems, office environment and information.
- Coordinate the development and delivery of a security awareness program inclusive of information security and privacy matters for employees, authorized users and customers.
- Manage the Incident response and reporting process that addresses security incidents (breaches), alleged policy violations, and complaints from external parties. Serve as the point of contact for information security and privacy incidents, including relationships with law enforcement entities.
- Manage the Third Party Risk assessment and management process and ensure the confidentiality, integrity and availability of Marlette data being handled and business functions being performed by third parties.
- Manage the BCM/DR program to ensure plans are kept current and tested to ensure the confidentiality, integrity and availability of Marlette data and services.
- Ensure security best practices are implemented and revised to maintain the availability, integrity and confidentiality of the information stored on and accessed through the network (firewalls, file rights, backup system, account management, vulnerability testing, etc…)
- Prepare and keep current documentation on all managed systems, including disaster recovery plans.
- Provide regular risk and performance metrics as required.
- Manage the information security function in accordance with the established policies and guidelines.
- Report to the Chief Information Security Officer.
- Function as an internal consulting resource on Information Risk Management issues.
- Conduct the information security risk assessment program. Review compliance with the information security policy and associated procedures.
- Coordinate information security efforts with the Internal Compliance Department.
- Provide periodic reporting on information security issues to the CISO.
- Coordinate security orientation and security awareness programs.
- Assist in coordinating contingency plan tests on a regular basis.
- Identify and address exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information loss to Marlette Funding.
Directors joining Marlette Funding’s Information Technology Organization can expect to enjoy a culture embracing the concepts of Continuous Delivery, Total Quality Management, Knowledge Sharing, Personal and Career Advancement, Empowerment, Innovation, and Collective Ownership.
- B.S. in Computer Science or equivalent
- 5+ years of experience in information security
- Experience managing cross functional teams
- Strong understanding of regulatory compliance from various governing bodies.
- Strong creative ability, analytical skills and independent judgment.
- Excellent verbal and written communications and presentation skills
- Experience managing vendor related risk
- Experience managing a Business Continuity Program
Successful candidates will possess these qualities:
- Strong sense of ownership – Feeling of personal accountability for all areas directly or indirectly supporting the business/service area. Willingness to drive people on all sides of an issue to a common understanding and then drive them toward resolution.
- Communication – Able to clearly communicate ideas in technical or business terms with senior business leadership, external vendors, their peers across IT, as well as their team.
- Leadership – Assess a situation, prioritize requirements, and then go out to any team and get support as needed.
- Self-starter – Has a strong sense of self and purpose. Understands tasks and role, and does not need daily direction, yet maintains an open dialogue with stakeholders.
- Comfortable interacting and engaging with colleagues from all levels of management across all business units and third party development firms.
- Demonstrated technical leadership skills including self-direction, coaching and mentoring, leading change through tooling or practices
- Previous experience leading Associate-level Developers OR demonstration of effective leadership characteristics
- High self-efficacy, highly motivated, well organized, capable of developing and executing a sprint plan, and able to communicate status effectively
- Passionate about reducing manual and repetitive work when designing and building tools used by internal colleagues
In addition to the interview process, all candidates will need to evidence their initiative, level of analytical reasoning, teamwork and ability to collaborate on projects, adaptability, and strength in verbal and written skills by completing a separate candidate assessment.
Please submit your resume online. Qualified applicants will be contacted within several business days. Applicants will be required to complete Marlette Funding’s candidate assessment.