IT Security Director Location:Tustin, CA

Essential IT Security Director Functions/Qualifications/Education

• Determine vision for information security assets, policies and standards
  
• Develop and maintain continuous up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and procedures.
  
• Identify and communicate security protection goals and objectives with suitable measurement KPIs to support the business security requirements.
  
• Provide regular reporting on current status of information security program to senior leadership team.
  
• Audit all aspects of information security and facilitate integration with revenue optimization, fraud, and merchant management teams to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  
• Evaluate and provide recommendation for risk mitigation and insurance policies for cybersecurity.
  
• Define and build partnerships with internal partners for providing investigation, incident response support and other services as identified.
  
• Serve as an internal information security consultant to assist / advise / educate on all aspects of information security and compliance.
  
• Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention.
  
• Establish governance and monitor compliance with the organizations security policies and procedures among employees, contractors and other third parties and take corrective action where necessary including roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  
• Create and manage a unified control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  
• Monitor advancements in information security.
  
• Manage and Oversee systems implementation and new tools to be used in the organization. Guarantee Customer Data is protected and ensure compliance business wide.
  
• Conduct regular Penetration testing to ensure compliance
  
• Produce new Security measures and policies to protect
  
• Internal audits of servers, audit logs, Splunk expertise a plus
  
• Implement new tools to track and identify PCI, Personal Identification data on the network
  
• Experience with Office 365 hosted email and related security tools, including Mimecast.
  
• Responsible for reviewing and managing data security tools and logs.
  
• Able to recommend best practices for data and email security.
  
• Develop documentation for IT and for end users regarding security best practices and usage of security tools.
  
• Participate with other members of the IT team in reviewing overall system and network security.
  
• Manage the shared security model used by all systems managed by IT.
  
• Strong communication (oral and written), interpersonal, and organizational skills required.
  
• Must demonstrable ability to successfully interact effectively with all levels in the organization.
  
• High level of initiative and critical thinking to formulate business issues into analytical problems and devise actionable solutions.
  
• Degree in Business Administration or technology-related filed, or equivalent work-related experience.
  
• Typically requires 12+ years experience in a combination of risk management, information security and IT roles.
  
• 5 years experience in an information security role.
  
• CISSP-ISSMP, CISM, CISA or similar industry certifications.