GreatAmerica Financial Services is an equal opportunity employer and does not discriminate against otherwise qualified applicants on the basis of race, color, creed, religion, ancestry, age, sex, marital status, national origin, disability or handicap, or veteran status.



Director, Information Security (Cedar Rapids, IA)
  
Job Description

Position Summary

The Director, Information Security role provides vision, leadership and thoughtful execution for all information security strategy and initiatives. The role will plan, develop, manage and audit policies, procedures and guidelines for GreatAmerica and its affiliates. They work with stakeholders throughout the company to understand business processes and systems, and provide key oversight in protecting information. This person is a dynamic individual who has experience with developing, implementing and cultivating security policies and governance initiatives.

 

This individual will report directly to the CFO with added reporting to the VP of IT. This role is responsible for the oversight of the information security program, while IT Operations is accountable for executing certain security initiatives and for day-to-day administration of the various security platforms. Because of this interaction, it is necessary for the role to have a tie to IT, but remain separate from direct responsibility.

 

The key outcome for this role is to ingrain information security as a competency in the organization.

 

Essential Functions

  • Leads the establishment of the security culture and drives the way in which information security supports business needs, strategic directives, and risk mitigation.
  • Co-chairs and develops the enterprise information governance team with GreatAmerica’s Compliance & Privacy leader.
  • Works very closely with GreatAmerica’s Compliance & Privacy leader to develop policy and overall direction of the program.
    • Develops, measures, and updates security controls (baseline and advanced) to optimal effectiveness.
  • Key advisor to Sr. Leaders in setting and updating GreatAmerica’s security posture.
    • Provides guidance on return on investment vs. risk mitigated.
  • Educates GreatAmerica’s employees in information security to continually raise awareness.
  • Responds to all information security inquiries.
  • Influences, guides, and motivates groups of people to deliver results; encourages initiative and responsibility; demonstrates the ability to effectively persuade others to listen, commit, and act on a new approach.
  • Collaborates with all teams to identify current state of information security and recommend changes needed in behavior, processes, and technology to mitigate risk and protect the confidentiality, integrity, and availability of information in line with company risk tolerance levels and the Information Governance Charter.
  • Collaborates regularly with IT leaders to provide guidance and direction for the inclusion of appropriate security prevention, detection, and response standards and procedures in accordance with the Information Security Policy.
  • Correlates input from legal, internal and external auditors, and senior leadership to identify and implement information security requirements.
  • Performs information security assessments where necessary.
  • Directs, develops and manages the Information Security Incident Response Program.
  • Communicates the security vision (and progress on initiatives) via regular written and in-person communication with all stakeholders.
  • Stays certified and updated on latest changes in information security with continuing education and involvement in industry organizations.
  • Other duties as assigned.

Knowledge, Skills and Abilities

Competencies:

For all GreatAmerica team members:  Honesty/Integrity, Customer Oriented, Accountability, Tenacious, Communication Skills (Oral & Written), Adaptability, Organized, Analytical, Research Skills, Detail Oriented, Tactful, Training, Problem Solving

           

For this position: Risk Mitigation, Coaching and Development, Organized, Communicate via metrics, Business Acumen, Team Building, Judgment, Leadership, Relationship Building, Strategic Planning

 

 

Education:

Bachelor's degree with a major in computer science, telecommunications management, electrical engineering or related field preferred, but not required.  Experience in supervising information security may be substituted for the requisite education.

 

 

Knowledge & Experience

  • 2 years of experience managing and/or directing security operations or initiatives.
  • 5 years of experience working in the information security field.
  • Proven experience in planning, organizing, and developing IT security and facility security system technologies.
  • Experience in planning and executing security policies and standards development.
  • Excellent knowledge of technology environments, including information security, building security, and defense solutions.
  • Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
  • Exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial systems.
  • Good understanding of computer systems characteristics, features, and integration capabilities.
  • Experience with systems design and development from business requirements analysis through to day-to-day management.
  • Excellent understanding of project management principles.
  • Superior understanding of the organization’s goals and objectives.
  • Demonstrated ability to apply IT in solving security problems.
  • In-depth knowledge of applicable laws and regulations as they relate to security.
  • Proven leadership ability.

 

Other skills include, but are not limited to:

  • Security concepts related to IT Infrastructure
  • Familiarity with industry standards such as CIS 20, NIST, ISO 27002, Cyber Security, ITIL and COBIT frameworks
  • Software programming concepts
  • Computer networking, routing and switching

     

Certifications

Any of the following certifications or equivalent a plus:

  • CISSP: Certified Information Systems Security Professional
  • ISSMP: Information Systems Security Management Professional
  • CISM: Certified Information Security Manager