Dir, Information Security Audit & Compliance (ID Analytics)
ID Analytics is a leader in credit and fraud risk solutions with patented analytics, proven expertise and up-to-the-minute insight into consumer behavior. Founded in 2002, with a vision to think differently about how institutions solve the problem of verifying consumers’ identities, we now solve a full range of identity challenges, including assessing credit risk and improving online customer experience. Our tools help our clients protect themselves and their customers from identity risk and fraud. Our solutions are all powered by analytics, but it’s our access to data unseen by other bureaus that differentiates our solutions. ID Analytics is a Symantec company.
We are looking for an experienced Information Security and Audit/Compliance leader to join our team.
The Director of Information Security plays an integral part in the development of strategic information security policy, technology plans and investments, and leads a dedicated team responsible for day-to-day delivery of services across four core cybersecurity capabilities: Proactive, Pre-emptive, Surveillance, and React and Remediate. Additionally, this position is responsible for leading information security related Audit and Compliance activities across the business. The Director advises the ID Analytics executive leadership team by recommending and prioritizing investments and projects that mitigate overall risks, strengthen defenses and reduce vulnerabilities for development, internal and client-facing systems, including cloud and third party. This role serves as an expert advisor to senior management in the development, implementation and maintenance of information security infrastructure to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance.
- Chairs the ID Analytics executive steering committee that brings together key business stakeholders to develop and review enterprise security and risk strategies
- Aligns and synchronizes ID Analytics Infosec policy, procedures, best practices and directives with broader Symantec Consumer Business Unit InfoSec
- Collaborates with cross-functional Business, Product and Technology, GRC and IT Service Delivery teams to identify, deploy, support and monitor security program improvements that promote the business in a secure manner
- Collaborates with Business and Technology teams to ensure the correct priorities are identified and actioned and meet Service Level and compliance requirements
- Provides guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
- Acts as the primary ID Analytics control point during follow-up on significant information security incidents, oversees development of response plans, forensics and custody of data, and provides timely update reporting.
- Provides guidance to business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with Human Resources and Legal counsel as appropriate.
- Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
- Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need
- Monitors industry trends and regulatory compliance with enterprise security policies and educates business unit leaders and service managers on compliance efforts
- Maintains relationships with local, state, and federal law enforcement and related government agencies as needed
- Delivers an information security awareness program
- Monitors and reports security/policy compliance
- Oversees execution of approved information security projects and internal/external security audits, and provides regular status reporting on progress of such projects.
- Leads a dedicated Information Security team including Audit and Compliance resources.
- Bachelor’s Degree in computer science or engineering/technical field. Degree with specialization in Information Security preferred.
- 10+ years in Infosec Leadership roles of increasing responsibility.
- Industry certificates such as: CCISO, CISM, CISSP.
- Senior Security Leader with significant experience building and leading broad spectrum security teams in dynamic and complex environments.
- Competent in Infosec risk assessment and management, Security Program development and management and extensive audit support experience.
- Expert in information policy formulation, information security management, business risk management and compliance audit support
- Professional experience in running an information security program, analyzing and applying information security, risk management, and privacy practices
- Extensive experience in strategic planning, budgeting, and allocation
- Consulting and general security industry experience
- Experience in law enforcement and/or national security is highly relevant
- Knowledge of national and international regulatory compliance requirements such as PCI DSS and SOC2 and frameworks such as NIST, FISMA and ISO
- Experience with secure coding standards
- Thorough knowledge of networking and distributed computing, routing, n-tier software, web application architectures, and networked file systems.
- Thorough knowledge of TCP/IP protocols, firewalls, VLANs, intrusion detection, wired and wireless network infrastructure and monitoring.
- Working knowledge of on-premise, cloud, and mobile computing environments, including Microsoft Windows, Mac, Linux, scripting languages, and security best practices.
- Thorough knowledge and demonstrated ability to perform risk assessments, risk impact analysis, mitigations and contingencies as applied to information security.
- Experience with and demonstrated ability to perform vulnerability assessments and utilize antivirus tools and platforms, web application firewall, and SIEM tools.
- A keen understanding of human based attack surface areas such as social engineering and spear phishing and the risks they represent.
- Ability to use discretion when handling confidential information.
- Excellent verbal and written communication skills
- Ability to react to high-pressure, dynamically changing environments
- Ability to discuss security concepts with, and teach them to, all areas of the business
- Fosters and builds a collaborative working relationship with various stakeholders
- Ability to motivate and lead both direct reports and cross-functional teams
- Strong problem solving and analytical skills
- Applicants selected for this position will require background screening and the ability to maintain a government security clearance. Applicants selected for a security clearance will be subject to a security investigation and must meet eligibility requirements for access to classified information.
- Must be available to work on an as needed basis during critical times.
Relentlessly protect the world’s information. Make a difference at Symantec. Across the globe, we are an ‘essential’ partner to both consumers and businesses of all sizes. We combine our talents, our brains, and our creative energy to reinforce our place as a world-class technical community.
Our most critical asset at Symantec is the talent we hire - you! We look for people who have a desire to excel and reflect our values: Innovation, Action, Customer-Driven, and Trust. We recognize that every opening in our company is a chance to increase Symantec's competitive advantage, and we are willing to invest in you in order to win.
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.
Symantec will respond to requests for reasonable accommodations to assist you in applying for positions at Symantec, or to submit a resume. If you need to request an accommodation, please contact our HR Helpdesk at 1-800-497-2580 or by email at email@example.com.
EEO is the Law. Applicants and employees of Symantec Corporation are protected under Federal law from discrimination.
Encryption, Antivirus and Malware protection, eDiscovery, Identity Protection and Authentication, Information Protection, Cyber Security Services, Threat Protection
Company Type: Public Company
Company Size: 10,001+