We are seeking a Director of Information Security for our client in Sterling, VA. This is a full-time permanent position.

POSITION PROFILE
This position is responsible for overseeing the IT Governance structure and coordinating with the Audit, Compliance and Risk areas. Provides direction and support for compliance-related programs and initiatives within the Organization. This role interfaces with process owners in assigned areas to understand goals and objectives, develops plans to support those goals, and manages project activities. May also audit controls in assigned areas in support of governance programs including but not limited to IT SOX 404, SSAE 16 and ISMS.

JOB DUTIES AND RESPONSIBILITIES
- Provides centralized oversight to deliver consistency and quality in compliance work across the organization, including all IT functions and capabilities.
- Develops, implements and communicates governance and compliance objectives to ensure an appropriate compliance- and risk-aware culture.
- Involved in developing, modifying and executing company policies that affect immediate operations and may also have company-wide effect.
- Supports the evaluation of program resources and assists in the procurement of tools, internal resources and/or external resources, as applicable, to ensure proper execution of the compliance program.
- Evaluates general and specific training needs and delivers that training to support the control environment and associated control framework.
- Interacts with various business groups to understand how they use IT systems, in order to assess whether those systems should be included within the scope of the various compliance areas (SOX, HIPAA, PCI, etc.).
- Identifies gaps in the design and operating effectiveness of controls, and identifies opportunities for more efficient and effective controls.
- Monitors and analyzes technology risk trends and recommends appropriate IT policies, procedures and practices to strengthen internal operations.
- Educates IT and business leaders on appropriate mitigation strategies and approaches.
- Possesses detailed knowledge of the industry regulatory environment and risk management practices, and a thorough understanding of local and federal regulations and standards such as Sarbanes-Oxley, ISO 27001, SSAE 16 and HIPAA.
- Responsible for the implementation and integration of risk management procedures across the organization, based on an understanding of the key services that must be maintained.
- Ensures monitoring and testing of business continuance procedures and of the response to system failures.
- Assists with the development and implementation of metrics to assess or assure the compliance activities of the enterprise.
- Participates in data breach reporting, event remediation, and mitigation.
- Proactively builds processes to minimize or eliminate downtime.
- Consults with appropriate business and IT leaders regarding the evaluation and selection of vendors to ensure service level agreements meet business continuance and disaster recovery planning requirements.
- Performs other duties as assigned.

QUALIFICATIONS (Education, Experience and Certifications)
- Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field, or equivalent work experience required.
- CISA (Certified Information Systems Auditor) certification preferred.
- CGEIT (Certified in the Governance of Enterprise Information Technology) certification preferred.
- CRISC (Certified in Risk and Information Systems Control) certification preferred.
- Minimum 7-10 years of IT and business work experience, including risk management, compliance, audit, and/or information security management.
Qualified candidates should submit a Word-formatted resume to Cheryl.firstname.lastname@example.org