Director Of Information Security

Profile

Director of Information Security

Duties: Implement comprehensive information security strategy, ensuring alignment with business goals and objectives. Identify drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security. Obtain senior management commitment and buy-in regarding information security. Define roles and responsibilities for information security efforts throughout the organization. Establish and maintain a process for information asset classification and ownership. Manage and enhance the systemic and structured information risk assessment process including business impact assessments and threat assessments & remediation. Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels. Integrate risk, threat and vulnerability identification and management into life cycle processes. Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis. Specify the people, partners, technology, and the activities to be performed to enable the information security program. Establish, communicate and maintain information security standards and procedures that support the security strategy and measure their effectiveness. Input into the design, of information security awareness, training and education. Coordinate with the Head of IT Compliance to integrate information security requirements into the organization’s processes. Manage internal and external resources to execute the information security program. Coordinate with the Head of IT Compliance to ensure that processes and procedures are performed in compliance with the organization’s information security policies and standards. Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization. Ensure that noncompliance issues and other variances are resolved in a timely manner as escalated by the Head of IT Compliance. Along with the Head of IT Compliance, implement and execute the Firm's ISMS Policy as directed by the CIO and Office of the General Counsel. Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incidents. Develop the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing). Lead all aspects of the firm’s incident response plan including the internal plan execution team. Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk. Continually maintain professional and technical knowledge by attaining relevant certifications, attending education workshops and forums, reviewing professional publications, and maintaining a professional network. Oversee any internal staff when they are performing operational security functions. Manage all external contractors and consultants needed to administer security function.Represent commitment to security to our clients and Participate in client audits and assessments of information security policies, standards, and procedures as needed in support of the Head of IT Compliance. Occasionally provide consulting services on any client security matters.

Company info

Bryan Cave Leighton Paisner LLP
1155 F Street, NW
Washington
District of Columbia
United States 20004
Website : https://www.bclplaw.com