Information Security & Privacy Director
Alta Resources is Hiring!
The Information Security & Privacy Director oversees all ongoing activities related to the development, implementation, maintenance of and adherence to the organization's policies and procedures covering the security and privacy of, and access to, Client and corporate information in compliance with federal and state laws and the organization's information security and privacy practices. The Information Security & Privacy Director serves in the Chief Security Officer role for the organization as required contractually.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following.
Other duties may be assigned.
Provides development guidance and assists in the identification, implementation, and maintenance of organization information security and privacy policies, standards, procedures and guidelines in coordination with senior management and the Security and Privacy Committee. Serves in a leadership role for the Security and Privacy Committee’s activities.
Performs initial and periodic information security and privacy risk assessments and conducts related ongoing compliance monitoring activities. Participates in the development, implementation, and ongoing compliance monitoring of contractual and legal requirements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Works with senior management, business units, and other corporate departments to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Initiates, facilitates and promotes activities to foster information security and privacy awareness within the organization and related entities. Oversees, directs, delivers, or ensures delivery of initial security and privacy training and orientation to all employees, contractors, temporary employees, business associates, and other appropriate third parties.
Ensures mechanisms are implemented to track access to protected health information and personally identifiable information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s security and privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
Ensures compliance with security and privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, senior management, and legal counsel as applicable.
Is involved with any aspect of the release of protected health information or personally identifiable information, to ensure full coordination and cooperation under the client’s contractual obligations, organization's policies, and legal requirements.
Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information security and privacy technologies to ensure organizational adaptation and compliance. Maintains an understanding of industry trends, security threats, and associated patterns and techniques used to mitigate associated threats across one or more enterprise systems. Understands current vulnerabilities, attacks, and countermeasures and stays informed with the latest security vulnerabilities, advisories, incidents, and penetration techniques.
Serves as information security and privacy consultant to the organization for all departments and appropriate entities. Reviews all system-related information security plans throughout the organization.
Oversees response by directing the Incident Response Team for all security-related incidents. Assists as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
Represents the organization's information security and privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulations, or standards. Maintains relationships with local, state, and federal law enforcement and other related government agencies.
Advises and collaborates on business continuity and disaster recovery plans, external audits and regulatory compliance practices.
Regular attendance, punctuality and adherence to agreed-upon schedule of availability are conditions of employment and essential functions of this position.
Motivates and leads a high performance Information Security organization. Supervises and carries out leadership responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include attracting, interviewing, hiring, retaining, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing and resolving issues. The position also requires active leadership in the way of supporting strategic initiatives as well as personal development and application of Six Sigma methodologies. All leadership positions are expected to attain Six Sigma Green Belt certification.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Additional qualifications include:
Must be an articulate and persuasive leader who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
Must have a solid understanding of information technology and information security.
Strong project management skills.
Outstanding organizational skills and high attention to detail.
Excellent communication, presentation, analytical, and auditing skills.
Security related experience with Intranets, Extranets, network protocols, UNIX, and Windows systems.
EDUCATION and/or EXPERIENCE
Bachelor’s degree in a computer-related field required. Minimum of 8 years of experience in computer security related fields.
CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional Certification) preferred
5+ years of recent experience with security architecture, security engineering, network engineering, or systems administration.
TECHNOLOGY SKILL BASE
In addition to specific security-related technologies, this position requires a working knowledge of computer technology that includes Microsoft Office Suite. Individuals in this position must possess the ability to learn and understand new software and other technology applications as introduced by Client and Alta Resources.
Ability to read, analyze, and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems. Ability to deal with nonverbal symbolism (formulas, scientific equations, graphs, musical notes, etc.) in its most difficult phases. Ability to deal with a variety of abstract and concrete variables.
While performing the duties of this job, the employee is regularly required to sit for up to eight hours, and stand. Manual dexterity that allows the individual to use hands to type on a keyboard, use a mouse and write is required, as is the ability to talk and hear. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The environment for which this position functions contains scents and fragrances related to product samples that are necessary to have on site in order to complete the essential job functions of this position or other positions within the same area. Due to the nature of this work individuals are required to be on-site during hours designated by the Client; however, the occasion will arise when the employee must be off-site due to business functions.
- Pay Type Salary
- Neenah, WI, 120 N Commercial St, Neenah, Wisconsin, United States of America