Director of IT Security & Compliance & ISO

Location: Los Angeles, CA Description: Our client is currently seeking a Director of IT Security & Compliance & ISO
Requirements:

•Bachelor’s degree in business administration or a technology-related field from a four-year accredited college or university.

•Certified Information Systems Auditor and/or Certified Information Systems Security Professional.

•Minimum of ten years of hands-on experience in managing, designing, implementing and/or auditing information technology security programs.

•Proficient knowledge of common information security management frameworks, such as ICSUAM Section 8000, ISO/IEC 27001, and NIST.

•Working knowledge of state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies.

•Ability to identify and interpret state and federal laws, campus guidelines, and Executive Orders to determine how they apply to the campus.

•Knowledge of security and data loss prevision tools such as Palo Alto Prisma Cloud Security and Cortex Endpoint Security.

•Technical knowledge of network penetration and incident response services such as Dell SecureWorks, Acunetix, Cloudlock, BitGlass, and Qualys.

•Technical knowledge of forensic handling process and software such as EnCase and Paraben.

•Knowledge of state and federal laws and regulations affecting the handling, access, storage and disposal of Levels 1 and 2 confidential and personal data.

•Expertise in information investigation and litigation process.

•Technical knowledge of network security policies and best practices for security network topologies.

•Ability to understand potential threats to the campus and put into place a recovery plan that ensures minimal disruption or loss of data.

•Ability to work with complete confidentiality with high level of personal integrity.

•Ability to work effectively as part of a team and to give and receive constructive feedback.

•Excellent verbal and written communication skills, including the ability to draft and deliver technical processes, reports, presentations, and correspondence.

•Ability to schedule and prioritize in order to meet deadlines.

•Ability to work independently with minimal supervision.

DAY 2 DAY:

•Lead the investigation and remediation of security breaches and cyberattacks, initiate appropriate action to protect information assets, and assist with electronic document collection associated with such breaches.

•Conduct information security risk assessments and provide executive summary for the Chief Information Officer and Associate Vice President of Information Technology Services (ITS).

•Define and execute the IT and data security strategies to enhance the reliability and security of the IT systems, projects and underlying data.

•Serve as the information technology liaison with internal and external entities including Chancellor’s Office (CO), law enforcement, FBI, and Department of Homeland Security; coordinate with law enforcement to conduct electronic collection and analysis activities for investigations.

•Work closely with departments and internal audit to provide responses for IT and Information Security audits.

•Oversee the planning and execution of vulnerability scans, penetration testing and cybersecurity forensic activities for IT audits and incident responses; ensure that outputs improve our security posture.

•Coordinate implementation plans, security product purchase proposals, and project schedules.

•Review all campus procurements and contracts and conduct risk assessments against services being purchased where sensitive data is used, and collaborate with departments to ensure proper security language is integrated in contracts.

•Review and approve access to administrative systems for employees and vendors, ensuring appropriate access and segregation of duties.

•Conduct the final review and approval of firewall modifications.

•Conduct weekly vulnerability scans on systems across the campus and collaborate with departments to ensure systems are remediated or security controls set in place.

•Manage data loss prevention systems for the campus to address data inventory of sensitive information.

•Oversee log management review activities.

•Oversee the distribution of SSL and encryption keys as they relate to PKI management services.

•Work with outside consultants as appropriate to fulfill independent security audit needs; manage third party security partners, stakeholders, vendors, and solutions providers that are assisting the campus on related security implementations.

•Coordinate the annual review and update of the ITS Disaster Recovery Plan and Business Continuity Plan.

• Collaborate with departments to conduct risk assessments against their systems and ensure decentralized systems are secured with proper access controls in place.

•Develop, implement and monitor a strategic, comprehensive campus-wide information security and IT security risk management program; ensure ITS compliance with Executive Order 921 on disaster recovery and business continuity planning.

•Develop and enhance an information security management framework.

•Conduct presentation to and collaborate with University stakeholders to raise awareness of security risk management concerns.

•Collaborate with ITS management team and other key stakeholders to implement related security projects.

Contact:
This job and many more are available through The Judge Group.

Find us on the web at