DIRECTOR OF ENTERPRISE SECURITY

Pekin Insurance - Pekin, IL3.6

Full-timeEstimated: $89,000 - $120,000 a year
EducationSkillsBenefits
Although the word “insurance” isn’t beyond exciting, we know you’ll find Pekin Insurance is truly “Beyond the expected®” when it comes to your next career move. If you’re ready to work with a team of professionals who actually live a core set of values—and go home each night knowing you’ve made a difference, you’ve landed at the right place.

Position Objective

The Director of Enterprise Senior Security proactively protects the integrity, confidentiality, and availability of information and reports to management regarding the effectiveness of network and data security controls. This position approves the development, maintenance, and enforcement of security policies, standards, and guidelines encompassing data and physical security. This position also manages and coordinates compliance for required industry audits by helping to identify issues, anticipate and solve problems and provide customer service to internal and external customers based on your ability to prioritize and initiate solutions. Accountable for the managing and monitoring of intrusion detection mechanisms, firewall logs and other relevant reports to mitigate activity that could lead to a data breach any other unauthorized and suspicious activity. This position is also accountable for interfacing with HR for the effective management of all security investigations that support the organization.

Job Responsibilities

Authorize procedures to maintain Enterprise Security Policies
Communicate the Enterprise Security Policy to all appropriate parties
Ensure adherence to the Security Policy, including suppliers via 3rd party vendor risk assessments
Ensure that all security controls and procedures are regularly reviewed and audited
Ensure rapid response to security violations
Authorize the security controls and documentation and regularly review and audit all security controls and procedures
Participate in and provide leadership for security incidents and potential data breach events which require emergency remediation and executive level communication
Accountable for assisting with Business Impact Analysis
Authorize the development , documentation and maintenance of procedures for security controls
Accountable for GRC (governance, risk, and compliance) platform for reporting purposes
Accountable for reporting, analyzing and reducing the impact and volumes of all security incidents in conjunction with problem management
Authorize security assessments and reviews results
Ensure all changes are assessed for impact on all security aspects, including the Enterprise Security Policy, security controls and attending Change Advisory Board meetings when appropriate
Ensure the confidentiality, integrity and availability of the services are maintained at the levels agreed in the Service Level Agreements and that they conform to all relevant statutory requirements
Accountable for security awareness education and training to the organization
Accountable for the management of the CSIRT (computer security incident response team)
Ensure the organization stays current with security industry best practice, standards, and appropriate governmental regulations
Accountable for interfacing with HR for investigations that violate the Enterprise Security Policy or the HR Employee Policy
Accountable for the management of Physical Security controls and interfacing with Administrative Services
Other duties as assigned
Education and Experience

Bachelor’s Degree required
Must have 8-10 years of experience working in, or leading, a company-wide IT security organization
Must hold CISSP, CISM, or other industry recognized security certifications
Experience with Governance, Risk, and Compliance (GRC) platforms
Attained multiple security related certifications and continuing education to retain certifications
Knowledge/Skills/Abilities

Advanced knowledge of corporate security and network policies and procedures
Advanced Knowledge of the ITIL, COBIT, and ISO 27000 Frameworks
Advanced multi-platform knowledge. Experience in UNIX, Windows, Linux and IP intranet/internet security environments including: firewalls, intrusion detection, incident response, policy writing, vulnerability testing, risk management, operating systems hardening, regulatory compliance and data classification
Advanced knowledge of Health Insurance Portability and Accountability Act (HIPAA) and HITECH and the security of health information records
Advanced knowledge PCI compliancy
Working knowledge of word-processing and spreadsheet software
Must have excellent leadership and organizational skills
Ability to correspond and collaborate with both peers and leaders
Ability to interpret and make conclusions based on available information
Ability to work with people and work under stress
Ability to handle pressure and stress in a dynamic and changing environment
Ability to manage time and complete multiple tasks while continually meeting deadlines
Must have advanced problem solving and analytical skills
Must be self-directed and effective working independently, yet equally comfortable contributing in a team environment
Communicates effectively, verbally and in writing, using a variety of communication methods to build productive relationships