Assistant Director of Information Security
Date: Feb 23, 2021
Location: Columbus, OH, US, 43202
Company: American Chemical Society
CAS uses intuitive technology, unparalleled scientific content and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 112 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide.
CAS is currently seeking an Assistant Director of Information Security. This position will be located in our headquarters in Columbus, Ohio.
As our company grows and we expand our team, American Chemical Society is looking for an exceptional Assistant Director of Information Security. You'll be joining a team where you have real ownership and a charter to champion best practices, drive change and determine future policy and architecture. Under the general guidance of the Chief Information Security Officer (CISO), the Assistant Director of Information Security is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem of CAS and the American Chemical Society.
The Assistant Director of Information Security is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
The Assistant Director of Information Security will proactively work with business units and partners to implement practices that meet agreed-on policies and standards for information security.
The Assistant Director of Information Security will be responsible for implementing and running the enterprise information security program.
Principal Duties:
Establish Information Security Governance and Build Knowledge by implementation of an information security steering committee or advisory board. Provide regular reports to senior management as part of a strategic enterprise risk management program, thus supporting business outcomes.
The Assistant Director of Information Security will be responsible for providing day-to-day direction, management, and performance reviews of information security team staff to create a high-performing organization.
The Assistant Director of Information Security will need to show and exemplify great leadership to collaborate with all Business Units at CAS and ACS and understand the business priorities to meet the demands of the organization and its customers.
Work with CAS and the American Chemical Society Legal and Finance Departments to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences. Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management. Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Assist the Chief Information Security Officer in formulating and implementing Information Security policies, programs, procedures, and standards.
Manage the budget for the information security function, monitoring and reporting discrepancies. Manage the cost-efficient information security organization, consisting of direct reports and/or indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews. Develop an information security vision and strategy that is aligned to CAS and the American Chemical Society priorities while enabling and facilitating the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed. Work effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
Develop and enhance an up-to-date information security management framework.
Provide input into the security annual budget for purchasing, staffing, and operations.
Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
Provide mentoring and guidance to staff, as well as perform quarterly and annual performance reviews with input into salary planning activities.
Promote and maintain strategic security relationships between internal resources and external entities, including vendors and partner organizations.
Participate in planning efforts to achieve business goals by coordinating the evaluation, deployment, and management of current and future security technologies.
Collaborate with IT Compliance for enforcement of policies, procedures, and associated plans for system security administration and user system access.
Manage the execution of monthly vulnerability assessments, annual penetration tests and security related audits/assessments.
Implement security metrics to measure the overall effectiveness of CAS’s security posture.
Remain informed on trends and issues in the security industry, including current and emerging technologies. Advise and educate executives, management teams and end users on their relative importance and benefit.
Collaborate with other IT department leads on technology development to fully maintain the security of CAS data and assets.
Collaborate with the Privacy and Compliance officers ensuring that compliance related security and privacy policies are met.
BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience and evidence of exceptional ability.
7 – 10 Years of progressive Security Management Experience
8+ years of experience managing and/or directing an IT and/or information security program.
Security Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and any Global Information Assurance Certifications (GIAC), etc. preferred.
Ability to create presentations and a story that will resonate with the business to help make sure our end users, customers, workforce members, and members of the society are in a secure posture that aligns with the business risk tolerance of the organization.
Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics. Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
Strong verbal and written communication skills, solid team player, with demonstrated abilities in analysis and problem-solving
Nice To Have:
Experience achieving and maintaining compliance with SOC2, NIST 800-53, and other security frameworks
Working in the Information Security field across multiple different industry verticals
Security certifications (CISSP, CEH, etc…)
CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran