Home > Greenville jobs > Greenville management/professional

Posted: Thursday, February 1, 2018 9:06 PM

The Director of Information Security (ISO) will report directly to the General Counsel, and be responsible for establishing strategy and implementing and monitoring information security standards and policies. The ISO will recommend Information Security investments which mitigate cyber and insider risks, strengthen defenses, and reduce vulnerabilities for development, internal and client facing systems and products. In this role, the ISO must be able to not only define a strategic vision, but must also be able to implement and execute against it. The ISO will manage the Information Security Office functions. Responsible for design, implementation, and maintenance of controls and procedures to ensure the integrity and security for all computer-based systems and networks across all technical platforms. In addition, the ISO will oversee the Access Management onboarding/offboarding functions and third party vendor management. The ISO will work closely with other business groups and stakeholders, including Legal, Compliance, Audit and Risk ensuring the protection of information and assets including data, systems, databases, networks, and other resources.
Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program.
Leverage information security experts and technology to support a secure infrastructure, secure applications, and overall data security; lead strategic security planning with IT Operations, development teams, and users across the organization.
Develop, communicate and ensure compliance with organizational security policies and standards; proactively work with business units to implement practices that meet defined policies and standards for information security.
Create and manage information security and risk management awareness training programs for employees, contractors and approved system users.
Work directly with business units to facilitate IT risk analysis and risk management processes; identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
Provide subject matter expertise to executive management on a broad range of information security standards, best practices, and compliance requirements particularly related to DOD, DHS standards.
Work with developers and architects to ensure security is appropriately built development cycle. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests.
Facilitate the review and verification of all new third party vendors with respect to their information security policies and procedures.
Audit third party vendor compliance with security requirements.
Coordinate organizational efforts in response to security events.
Coordinate use of external resources involved in the information security program including negotiating vendor contracts and fees, and managing external resources.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
Provide oversight and accountability of the day-to-day security operations and/or other administrative areas. Develop and maintain the security function of maintaining security access to corporate communication and computing systems including all onboarding and off boarding functions.
Review and oversee all application projects impacting information security.
Oversee on-going security monitoring of organization information.
Provide oversight and accountability of the day-to-day security operations and/or other administrative areas
Assess information security risk as well as conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements. Responsible for development/Implemenation of the Security Risk Assessment process targeting information protection and regulatory compliance as well Security Vulnerability identification and Remediation.
10+ years of experience in the information security field and 5+ years of leadership in an information security role.
Experience with Financial industry compliance regulations.
Experience in developing a young / immature organization is significant advantage.
Proven experience with current IT security technologies.
Demonstrated experience with information security frameworks
Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
Demonstrated ability to frame security and risk-related concepts to both technical and nontechnical audiences.
Bachelor s degree or equivalent experience in an IT-related discipline.
3+ years in business architecture, project management, reengineering, IT consulting or other relevant experience.
CISSP Certification Preferred.
PCI-DSS Compliance Experience.
BA/BS required; MBA, MIS or other relevant post-graduate degree a plus.
Ability to drive execution of aggressive goals through effective planning, prioritization, resource management and follow through.
Proven track record of building influential relationships with internal customers; ability to influence across departmental lines without direct authority.
Ability to think strategically and identify and understand business needs and translate into strategic direction, plans and solutions.
Experience working with business process reengineering and IT solutioning; experience working on project teams bringing together both business & technology. Capable of explaining technical concepts to a non-technical audience.
Superior verbal and written commuication skills, including ability to tailor communications based on audience.
Experience leading people with demonstrated ability to attract, develop, motivate and retain talent
Proficiency in interpreting financial results and business data to identify opportunities and risks
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Supervisory Responsibility - Superviosry Experience Requred.
Work Environment and Physical Demands
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Position Type/Expected Hours of Work
This is a full-time position. Days of work are Monday through Friday. The daily schedule may vary from 8 am to 5 pm or 9 am to 6 pm. Hours may vary or exceed 40 in any given week depending on the needs of the business.
Travel - This position may require up to 25% travel.
EEO Statement
ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job, but do indicate the \"hands on\" responsibility of the position. Other duties, responsibilities and activities may change at any time with or without notice.
ID: 2017-2172
External Company Name: American Credit Acceptance
External Company URL:
Associated topics: attack, cybersecurity, forensic, identity access management, iam, protect, security, security analyst, security engineer, security officer


• Location: Greenville

• Post ID: 27667437 greenville is an interactive computer service that enables access by multiple users and should not be treated as the publisher or speaker of any information provided by another information content provider. © 2018