Requisition Number: 1912562
The Director of Technology & Information Security will be responsible for the implementation and oversight of CMG’s overall information & technology security program, including cyber-security, risk management, threat/incident response and data privacy functions. The purpose of the program is to secure technology & information assets utilized by CMG and its customers and ensure compliance with applicable laws, regulations, and customer requirements. The Director will partner with the firm’s CIO, General Counsel, and other departments to implement and enhance policies, procedures, technologies and third-party services related to security and compliance.
This position offers an exciting opportunity for an experienced professional to build and manage a program in the dynamic media industry. The ideal candidate for this position will not only have strong technical knowledge in the fields of technology and information security, but also will be able to think broadly about business challenges and articulate security concerns and challenges to executive leadership. The candidate will build strong partnerships with multiple stakeholder groups including technology, product, sales and marketing, engineering and field operations to ensure effective use of security capabilities. Key success factors include the ability to partner, influence and lead direct, cross-functional and third-party teams in implementing and managing the security program.
• Provide leadership and direction to develop strategy and implement a comprehensive technology & information security program.
• Develop, implement, and enhance information security policies, procedures, and controls.
• Evaluate overall technology and security risk, maintain an active view, and report on the actual, mitigated, and residual risk.
• Evaluate, recommend, and implement technologies to enhance the protection of systems and information and ensure complete auditability.
• Oversee execution of internal and external vulnerability scans and penetration tests, document and analyze results, and chart implementation of mitigating controls.
• Collaborate with IT engineers and assist with prioritization of upgrades and changes in order to ensure high-risk vulnerabilities are addressed expeditiously.
• Promote a risk-aware culture and develop/manage CMG’s security awareness and training program.
• Oversee the firm’s relationships with key security vendors and service providers, develop key performance metrics, and ensure performance aligns with agreed objectives.
• Direct and support annual business impact assessments of all systems and processes; assist stakeholders in understanding and mitigating risk.
• Enhance and maintain CMG’s security incident response plan and conduct regular exercises to ensure relevant stakeholders are aware and prepared to fulfill their responsibilities.
• Stay abreast of changes in the threat landscape, as well as industry best practices, prevailing trends, and cutting-edge technologies in the security space.
• Develop and champion a privacy strategy that ensures engagement across the organization to monitor and manage visibility to privacy risks and progress on remediation of risks.
• Develop and manage a program to build privacy into the systems development lifecycle (SDLC) process, including coordination with other teams that touch the SDLC process to ensure there are no overlapping evaluations.
• Expand third-party security program to include regular evaluations of critical vendors.
• Drive alignment with business partners on remediation of risks associated with these third-party vendors.
• Manage strategic interactions with key boundary partners for organization-wide initiatives such as Supply Chain, Legal, Public Affairs, etc.
• Ten years of experience in the information security field and 5 or more years of experience managing and/or supervising information security focused resources.
• Bachelor's degree in business or computer science related fields or an equivalent combination of training, education, and experience.
• Certified Information Systems Security Professional (CISSP), and/or a Certified Information Systems Manager (CISM).
• Proven ability developing and executing an information security strategy and mission for large complex organizations.
• Experience working in media.
• Strong understanding of security standards such as ISO 27001/27002, Center for Internet Security Critical Controls, NIST 800 Series, CoBIT, etc.
• Excellent communication, presentation, and persuasion skills.
• Experience with process improvement and documentation.
• Excellent project management and organization skills.
• Highly collaborative and able to build trusting relationships across a diverse workforce.
• Adept at leading change in a complex and geographically dispersed organization.
• Capable leader, advisor, mentor, and coach; someone who motivates and inspires.
• Demonstrates respect for others and promotes a supportive environment.