TCI has an immediate need for a Director of Information Security in Chicago, IL. This is not a Corp2Corp opportunity. This is a Direct Hire opportunity.
The Director, Information Security performs two core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s PCI security policies and procedures. The second is establishing an enterprise security stance through policy, architecture and training processes. Secondary tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments. The Director, Information Security is expected to interface with peers in the Applications and Infrastructure Groups of IT as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and cooperation.
The Director, Information Security reports directly to the Senior Vice President & CIO
Strategy & Planning
- Create and maintain the enterprise’s security architecture design including PCI compliance standards.
- Create, and maintain the enterprise’s security awareness training program.
- Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures).
- Participate in validating/defining Sarbanes Controls of security and ensuring the controls are followed
- Perform information security risk assessments and serves as an internal auditor for security issues
- Implements information security policies and procedures for the organization
Acquisition & Deployment
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
- Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories. Annually review all data at rest and update data classification documentation.
- Ensure the enforcement of enterprise IT procedures and processes as well as annually update the IT security documents.
- Take responsibility for all security access provisioning throughout the enterprise. Work to ensure reasonable SLA are achieved in approving and setup of end user security profiles/access.
- Supervise all investigations into problematic activity and provide on-going communication with senior management including investigation of security incidents as they occur.
- Supervise the design and execution of annual vulnerability assessments, penetration tests and security audits.
- Coordinate a location-by-location effort to ensure all locations PCI compliant using internal network engineers, field application personnel and/or 3rdparty Vendor.
- Analyze all garage facilities that accept payment cards for compliance with the PCI DSS and PA DSS. Audit locations for PCI standards and needed patching.
- Document network environments at facilities, identify compliance gaps and develop solutions. Lead the security architecture and research solution that will better secure our end points and cloud environments.
- Work with field managers, equipment vendors and 3rd party service providers to implement and thoroughly test compliance solutions
- Provide analysis/documentation, identify compliance gaps, and implement solutions for more complex locations (i.e. airports, universities)
- Provide relationship management of 3rd party service providers (i.e. MD Tech, Optiv, Sailpoint, Annovis, etc.)
- Design and document processes and procedures that help maintain PCI compliance while keeping garage network downtime at a minimum
- Review exception logs and respond appropriately to any data breaches or threats of a data breach
- Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
- Leads Incident Response Team
- Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
- Develop staff into accomplished security analysts.
- College Degree in the field of Computer Science and/or 6 years of equivalent work experience.
- One or more of the following certifications: GIAC Security Essentials, GIAC Security Leadership, ISACA Certified Information Security Manager, Microsoft Certified Systems Engineer: Security and /or CISSP.
- Extensive proven experience in enterprise security architecture and secure network design.
- Extensive proven experience with PCI DSS guidelines and working with financial institutions to achieve compliance.
- Strong ability to communicate PCI guidelines to non-technical executives and staff.
- Extensive experience in enterprise security document creation.
- Experience in designing and delivering employee security awareness training.
- Experience in managing a staff of 3-5 individuals including staff development.
- Experience in working with internal and external vulnerability scanning and the resulting closure of all vulnerabilities working with infrastructure team.
- Working technical knowledge of Cisco, Barracuda, Fortinet, SonicWALL and other firewall technologies including management and monitoring.
- Working technical knowledge of a variety of OS including Windows and Linux.
- Strong understanding of IP, TCP/IP, and other network administration protocols. Ability to work effectively with Network/Infrastructure teams to improve security of corporate network.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment. Deliver on projects as assigned within the time frame needed.
- Excellent written, oral, and interpersonal communication skills. Ability to communication security functions/processes to senior management in a simple clear form.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed. Delivers projects with minimal supervision. Take charge individual
- Keen attention to detail.
- Ability to develop/mentor current security administrators in developing their skills and knowledge of function
- Team-oriented and skilled in working within a collaborative environment.