Director, Information Security

Cars.com in Chicago, IL

  • Industry: Executive Management - Information Technology
  • Type: Full Time
  • $88,863.33 - 202,320.00
position filled

As the leader of Information Security, the Director of Information Security reports to the Chief Legal Officer. The Director of Information Security is responsible for defining and driving Cars.com's Information Security program. Responsibilities include day-to-day management of the security team, assessing and addressing Information Security compliance requirements, working with executive leadership to establish support for the Information Security program, working with peers to coordinate initiatives, and managing any needed third-party services.

Information Security Governance Tasks:

  • Develop an information security strategy aligned with business goals and objectives.
  • Align information security strategy with corporate governance.
  • Develop a business case justifying investment in information security.
  • Identify current and potential legal and regulatory requirements affecting information security.
  • Identify drivers affecting the organization (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
  • Obtain senior management commitment to information security.
  • Define roles and responsibilities for information security throughout the organization.
  • Establish internal and external reporting and communication channels that support information security.
  • Establish a process for information asset classification and ownership.
  • Implement a systemic and structured information risk assessment process.
  • Ensure that business impact assessments are conducted periodically.
  • Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
  • Identify and periodically evaluate information security controls and countermeasures to mitigate risk to acceptable levels.
  • Integrate risk, threat and vulnerability identification and management into life cycle processes (e.g., development and procurement).
  • Report significant changes in information risk to appropriate levels of management for acceptance on both a periodic and an event-driven basis.

Information Security Program Development Tasks:

  • Develop and maintain plans to implement the information security strategy.
  • Specify the activities to be performed within the information security program.
  • Ensure alignment between the information security program and other assurance functions (e.g., physical, human resources, quality, IT).
  • Identify internal and external resources (e.g., finances, people, equipment, systems) required to execute the security program.
  • Ensure the development of information security architectures (e.g., people, processes, technology).
  • Establish, communicate and maintain information security policies that support the security strategy.
  • Design and develop a program for information security awareness, training, and education.
  • Ensure the development, communication, and maintenance of standards, procedures and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
  • Integrate information security requirements into the organization's processes (e.g., change control, mergers, and acquisitions) and life cycle activities (e.g., development, employment, procurement).
  • Develop a process to integrate information security controls into contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties).
  • Establish metrics to evaluate the effectiveness of the information security program.

Information Security Program Management Tasks:

  • Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
  • Ensure that processes and procedures are performed in compliance with the organization's information security policies and standards.
  • Ensure the performance of contractually agreed (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) information security controls.
  • Ensure that information security is an integral part of the systems development processes and acquisition processes.
  • Ensure that information security is maintained throughout the organization's processes (e.g., change control, mergers, and acquisitions) and life cycle activities.
  • Provide information security advice and guidance (e.g., risk analysis, control selection) in the organization.
  • Provide information security awareness, training and education (e.g., business process owners, users, information technology) to stakeholders.
  • Monitor, measure, test and report on the effectiveness and efficiency of information security controls and compliance with information security policies.
  • Ensure that noncompliance issues and other variances are resolved in a timely manner.
  • Develop and implement processes for preventing, detecting, identifying, analyzing and responding to information security incidents.
  • Establish escalation and communication processes and lines of authority.
  • Develop plans to respond to and document information security incidents.
  • Establish the capability to investigate information security incidents (e.g., forensics, evidence collection, and preservation, log analysis, interviewing).
  • Develop a process to communicate with internal parties and external organizations (e.g., media, law enforcement, customers).
  • Integrate information security incident response plans with the organization's disaster recovery and business continuity plan.
  • Organize, train and equip teams to respond to information security incidents.
  • Periodically test and refine information security incident response plans.
  • Manage the response to information security incidents.
  • Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.

Experience:

  • BS in Computer Science, Business Administration, Engineering, or related discipline
  • 7-10 years' experience in information security operations
  • 3-5 years' experience in information security leadership
  • Experience with security management frameworks such as ISO 27001-2, NIST, GLBA, GDPR, SOX
  • Very good familiarity with Application Development Security in a Cloud environment.
  • Ability to perform Risk Assessments

Required Skills:

  • Experience with Application Security in a Cloud Environment (Elixir)
  • Understanding of the security threat landscape
  • Ability to interface with senior management
  • Strong leadership, motivation and change management skills required
  • Experience managing others
  • Project management skills must be highly developed.
  • Must be able to provide a balance of strategic ability and hands-on tactical execution.
  • Consensus builder, with results-oriented commitment
  • Excellent written and oral communications skills (English)
  • Ability to drive quality in every aspect of the job function

Strongly Desired:

  • CISSP (Certified Information Systems Security Professional)
  • SSCP (Systems Security Certified Practitioner)
