Senior Director, Cyber Risk Management

Company: Gillware
Location: Madison, WI 53704 (Carpenter-Ridgeway area)

Position Summary

The Senior Director, Cyber Risk Management is responsible for establishing and maintaining organization-wide information security and risk management programs to ensure that information assets are adequately protected. This position will lead the global Information Security program and is responsible for identifying, evaluating and reporting on security risks as well as owning and driving the enterprise-wide Cybersecurity program. This position requires a visionary leader with strong skills in technology, security, and risk management. The director will proactively work with the Vice President of Cyber Risk Management and our clients to assess risks and maturity and then implement practices that meet defined policies and standards for information security.

The Global Director of Information Security and Risk Management serves as the process owner of all ongoing assessment and consulting activities. This individual will manage a team of consultants and engineers delivering assessment and testing services to our Clients. The ideal candidate is an integrator of people and processes, a thought leader, a problem solver, a trusted advisor and an effective consultant, and should possess solid domain competency in the field of information security, with 8 to 10 years of direct experience in this significant leadership role.

Requirements:

  • Develop, implement and monitor strategic, comprehensive enterprise information security and risk management programs to ensure the integrity, confidentiality and availability of information owned, controlled or processed by our Clients.
  • Assess Client’s security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and risk management roles), including hiring, training, staff development, performance management and annual compensation review.
  • Develop, communicate and ensure compliance with Client’s information security policies and standards.
  • Help develop and manage Client’s information security budgets and monitor them for variances.
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users as needed.
  • Work directly with the Client’s business units to facilitate risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification, protection and security issue resolution.
  • Provide subject matter expertise to consult with executive management on a broad range of information security standards and best practices, such as ISO 27001/2, NIST Standards and Frameworks, or the CIS Top 20.
  • Ensure that Client’s security programs are in compliance with applicable laws, regulations and policies to minimize or eliminate risk and audit findings, specifically SOX, PCI-DSS, CCPA, and GDPR.
  • Liaise between Client information security teams and corporate compliance, audit, legal and HR management teams as required.

Qualifications:

  • Minimum of 8 to 10 years of experience in a combination of risk management, information security, and cybersecurity.
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Must be a critical thinker with strong problem-solving skills.
  • Knowledge of technological trends and developments in the area of information security and risk management.
  • Project management skills; financial/budget management, scheduling and resource management.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Master’s Degree in Information Assurance, Information Security or an appropriate Business Administration field, or equivalent work or education related experience.
  • Professional certifications in information security or risk management, such as a CISSP, CISM, CRISC.
  • Past experience in implementing key Information Security technologies such as SIEM, IDS/IPS, IDAM, MSSPs, Threat Intelligence, etc.
  • Demonstrated leadership of consulting efforts and teams.
  • Knowledge of security and control frameworks, such as ISO 27001/2, the NIST Standards and Frameworks, CIS Top 20, GDPR, CCPA, PCI-DSS, COBIT, and ITIL.
  • At least 5 years of experience leading direct staff.
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision.

Perks:

  • Collaborative, hard-working, energetic team culture
  • Excellent benefits – Vision, Medical, and Dental
  • 401K with company match
  • Unlimited PTO/time off policy
  • Bonuses for stellar performance


About Gillware

Gillware provides incident response, digital forensics, and cybersecurity services to legal and insurance professionals, corporate IT, in-house security teams, law enforcement, and everything in between. Founded in 2003, Gillware supports a global network of partners and clients from its offices in Madison and Milwaukee, WI. Gillware’s digital forensics operation is led by Cindy Murphy, a leading forensics investigator and educator with over two decades of professional experience in the field. Gillware’s team of computer scientists, researchers and investigators leverages years of experience and state-of-the-art tools to deliver unparalleled results in the most challenging cyber security, digital forensics and disaster recovery scenarios.