This position is responsible for establishing and maintaining a global IT security and compliance strategy, policies, programs, processes, technologies, and controls impacting information services and communications technologies company-wide. The role identifies, evaluates and addresses risks; ensures that information assets are adequately protected and compliance requirements are met; oversees IT adherence to required compliance and privacy frameworks; and develops security strategies and services to accommodate global growth and business needs. Using ISO 27001 guidelines, this role is the central point of contact for the Technology organization for all Compliance, Security, Disaster Recovery and Business Continuity activities.
· Evaluates, deploys and manages IT security tools.
· Develops Continuous Improvement program for Process Improvement.
· Leads the development and delivery of the governance program through creation and maintenance of methodology, processes, and documentation, helping to ensure objectives, purpose, roles, and responsibilities are clearly defined.
· Collaborates with clients, business partners, stakeholders and vendors to continue to evolve and mature the governance program.
· Leads remediation, exception and risk acceptance efforts across the range of IT security risk findings identified by regulators, auditors and business management.
· Leads information security policy development and maintenance through collaboration with key stakeholders.
· Oversees delivery of critical infrastructure and data centers services by outsourced service providers to ensure components meet security and regulatory requirements including ISO 27001.
· Establishes effective IT disaster recovery and business continuity policies and procedures. Ensures alignment with IT, business and enterprise risk management priorities. Manages strategic planning, effective execution and consistent progress of IT business continuity efforts.
· Establishes and implements activities to improve technology compliance with internal policies and standards, internal and ISO 27001 audits and industry regulations.
· Leads enterprise Identity and Access Management (IAM) governance by developing processes designed to accommodate the wide range of access needs. Engages multiple levels of internal stakeholders for enterprise IAM growth and adoption.
· Institutes and oversees procedures for the timely and accurate preservation of data for eDiscovery.
· Oversees vendor/managed security services (MSS) engagements by building requirements and tracking the progress based on SLA and objectives of the program.
· Keeps current with trends and benchmarking in governance practices across the business.
· Strong knowledge and experience with IT Security tools.
· Previous experience developing Continuous Improvement program for Process Improvement.
· Strong communication and coaching skills.
· Critical thinking and creative problem solving including the ability to maintain independence and objectivity in execution of oversight and reporting activities.
· Excellent interpersonal skills and collaborative management style.
· Proven ability to execute and deliver according to a plan.
· Ability to work quickly, accurately and with attention to detail in a fast-paced, growth environment.
· Demonstrated good listening skills and the ability to work well with internal and external customers.
· Experience with industry standards frameworks including ISO 27001.
Education and Experience Requirements:
· Minimum 8 years’ experience in the following: IT compliance or IT security. Experience in both areas is strongly desired.
· Minimum 2 years’ experience in a management role.
· Bachelor’s degree in IT-related discipline is preferred but not required.
· One or more of the following professional certifications is a plus: CISA, CRISC, CGEIT.
· Prolonged periods of sitting at a desk and working on a computer.
· Willingness and ability to travel occasionally.
About Frontline Managed Services
We are a dynamic team, looking to hire vibrant individuals who can help us support the 350+ US law firms that we provide back-office services to. These services range from Database administration, Ebilling management, Virtual receptionists, SQL and Software development.