Director, IT Global Security, Risk and Compliance
The Mosaic Company · Greater Tampa Bay Area · 3 wk ago
Information TechnologyFull-time
What will you do?
- Lead, develop and coach IT security employees in order to retain and expand organizational talent through focused attention and effort.
- Provide timely and constructive feedback on a regular basis to ensure employees have a clear understanding of their work, roles and the business.
- Manage performance issues when necessary.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation.
- Actively monitor security alerts, advisories, exploits, assessing risk and leading Mosaic teams toward an appropriate response.
- Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.
- Create and manage an information security and risk management awareness training program for all employees, contractors and approved system users.
- Work directly with the Mosaic business leaders to facilitate IT risk assessment and risk management processes and work with stakeholders through the enterprise on identifying acceptable levels of residual risk.
- Work with external & internal audit on Mosaic IT controls audits.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Direct information security and risk management projects with resources from the IT organization as well as business representatives.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Work with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
What do you need for this role?
- Bachelors Degree required, with a major in Information Technology, Business Management, Computer and Information Science, or related field. Masters Degree preferred.
- 10+ years of Information Technology experience required.
- Regulatory and Risk Management experience required.
- Sarbanes- Oxley Act (SOX) experience required.
- Policy Development knowledge required.
- At least one active certification required: Certified Information Systems Security Professional (CISSP) - (ISC)2 or Certified Information Systems Auditor (CISA) - ISACA or Certified Information Security Manager (CISM) - ISACA.
- Project Management Professional (PMP) - PMI preferred.
- Advanced in AI Security Management (AAISM) preferred.
- Information Technology Infrastructure Library (ITIL) preferred.