USA
3 days ago
Director of Information Security & Compliance
Position Value Proposition

The Director Information Security & Compliance is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. This position is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. This position is responsible for maintaining IT General Controls for Sarbanes Oxley (SOX) compliance. The successful candidate will be able to collaborate and influence all areas of the business to reduce risk and increase the effectiveness of our information security program.

Core Responsibilities

+ Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
+ Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders as part of a strategic enterprise risk management program, thus supporting business outcomes.
+ Work with the vendors to ensure that information security requirements are included in contracts by liaising with business leaders throughout the organization.
+ Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
+ Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
+ Provide clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.
+ Work with internal and external audit firms to ensure compliance with Sarbanes Oxley and other compliance requirements. Ensure IT General Controls are effective and operating successfully.

ADDITIONAL DUTIES & RESPONSIBILITIES:

(This job description is not an exclusive or exhaustive list of all job responsibilities and functions that an employee in this position may be asked to perform. Above statements describe the general nature and level of work being performed. Duties and responsibilities can be changed, expanded, reduced or delegated by management to meet the business needs of the company.)

Qualifications

Required qualifications (Knowledge, Skills, and Abilities) to perform essential functions of this position:

Core Competencies:

+ Informing - Provides the information people need to know to do their jobs and to feel good about being a member of the team, unit, and/or the organization; provides individuals information so that they can make accurate decisions; is timely with information.
+ Comfort Around Higher Management - Can deal comfortably with more senior managers; can present to more senior managers without undue tension and nervousness; understands how senior managers think and work; can determine the best way to get things done with them by talking their language and responding to their needs; can craft approaches likely to be seen as appropriate and positive.
+ Integrity and Trust - Is widely trusted; is seen as a direct, truthful individual; can present the unvarnished truth in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn't misrepresent him/herself for personal gain.
+ Conflict Management - Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focused listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.
+ Problem Solving - Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
+ Perspective - Looks toward the broadest possible view of an issue/challenge; has broad-ranging personal and business interests and pursuits; can easily pose future scenarios; can think globally; can discuss multiple aspects and impacts of issues and project them into the future.
+ Functional/Technical Skills - Has the functional and technical knowledge and skills to do the job at a high level of accomplishment.
+ Planning - Accurately scopes out length and difficulty of tasks and projects; sets objectives and goals; breaks down work into the process steps; develops schedules and task/people assignments; anticipates and adjusts for problems and roadblocks; measures performance against goals; evaluates results.
+ Priority Setting - Spends his/her time and the time of others on what's important; quickly zeros in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
+ Standing Alone - Will stand up and be counted; doesn't shirk personal responsibility; can be counted on when times are tough; willing to be the only champion for an idea or position; is comfortable working alone on a tough assignment.
Work Experience

5-10 years' experience in an information security or cybersecurity role

Education/Training

BS in Computer Science or related field, or equivalent experience

Specialized Knowledge – Certificates & Licenses

+ The Director of IT Security and Compliance must have a current CISSP certification. If the candidate does not have this certification, they will need to obtain it.

Software & Technology

Position will require the frequent use and knowledge of MS Windows 7 and/or MS Windows 10, MS Word, MS Excel, MS PowerPoint, and MS Outlook.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Work is generally performed in a climate controlled office environment. While performing the duties of this job, the employee is:

+ Constantly required to walk, sit and stand for up to 8 to 10 hours per day.
+ Frequently required to handle and finger while working on a keyboard and computer
+ Occasionally required to lift and carry computer equipment

Activity frequency key:

+ N (Not Applicable) Activity is not applicable to this occupation.
+ O (Occasionally) Occupation requires this activity up to 33% of the time (0 - 2.5+ hrs/day)
+ F (Frequently) Occupation requires this activity from 33% - 66% of the time (2.5 - 5.5+ hrs/day)
+ C (Constantly) Occupation requires this activity more than 66% of the time (5.5+ hrs/day)

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made upon request for those who have disabilities that qualify under the Americans with Disabilities Act.

DBM International is an Equal Opportunity Employer with an Affirmative Action Plan.