Director, Security and Compliance

Greenland, NH 03840

Employment Type: Direct Hire
Area of Specialty: Cybersecurity
Job Number: 7965
Category: IT - Infrastructure/Security

Job Description

JOB MISSION: Reporting to the VP of Information Systems, the Sr. Director, Security and Compliance, will have global responsibility for the company security and compliance program to reduce company risk and increase efficiencies company-wide.
The Director, Security and Compliance will be responsible for establishing a security framework and partnering with the executive team and business leaders to develop a prioritized security and compliance plan. This will include ensuring compliance with data protection laws and monitoring our adherence to privacy standards.

  • Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal, and audit requirements

  • Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements

  • Evaluate the current state of company security and risk profile and develop a risk-based gap analysis in order to implement and maintain a best-in-class security and privacy program

  • Partner closely with the executive team and business leads, providing guidance and ensuring information security strategy aligns with business goals

  • Identify risks and prevent vulnerabilities, including the evaluation and recommendation of all technical and business controls.

  • Effectively manage all enterprise cyber, data protection, and insider threat programs

  • Lead the development, training and dissemination of security and privacy policies, standards, and guidelines. Create and implement security awareness training programs.

  • Own the investigation process for all security incidents and ensure corrective actions are completed in a timely manner. Additionally, oversee the development of all security contingency plans.

  • Create a risk-based process for the assessment and mitigation of any information security risk in the company ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.

  • Ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

  • Act as the data privacy officer to ensure that data privacy requirements are included where applicable.

  • Ensure that security is embedded in the project delivery processes by providing the appropriate information security policies, practices and guidelines.

  • Develop and enhance an up-to-date information security management framework based on the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT or National Institute of Standards and Technology (NIST) Cybersecurity Framework, PCI.

  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of information security, and review it with stakeholders at the executive and board levels.

  • Deep expertise across security, privacy, IT audit, and legal security standards, guidelines, and principles for a global retail organization.

  • Demonstrated ability to leverage advanced knowledge of a business structure and components of a product or service to evaluate business needs, analyze gaps caused by change initiatives, determine potential opportunities and drive transformation. 

  • Strong experience with state-of-the-art security technology and technical concepts. 

  • Expert in enterprise risk management and defining and applying a risk management framework for a global organization. 

  • Deep knowledge of cloud security, network security, and data protection.

  • Experience with enforcing secure coding practices, threat modeling, identity and access management, and security incident response and recovery. 

  • Strategic problem solver who is analytically driven and an effective communicator who can present complex analysis to business leaders and executive leadership. 

  • Minimum of 10 years of experience in enterprise risk and information security for a global company. 

  • Bachelor’s degree in related field strongly preferred.

  • Extensive knowledge of GDPR, PCI, SOX, CCPA and other industry regulatory requirements

  • CISSP certification strongly preferred. Successfully led organizations to obtain and maintain required security certifications. 

Meet Your Recruiter

Pattie Tsivouras
Recruiting Director, Information Technology

Pattie joined the Connors Group team in 2017. Knowing how important it is to always try to make the right impression with each interaction, Pattie personally feels that clients look for a recruiter who demonstrates honesty, integrity, and trust. When proactively developing a strategic partnership, clients want to know that they can depend on you to deliver the most qualified candidates for their current openings. As a recruiter, she embodies that value in demonstrating passion in her work, evident as they encounter the level of excitement in describing past achievements or enthusiasm in approach to find the most qualified talent for their team!

Pattie strongly feels that candidates prefer that their career is centered around their quality of life. The chance to express preferences for a new job while feeling secure helps encourage them to do what they do best. Quality candidates like to be presented with long-term opportunities where they can see how their skills align with each company. Alternately, people who just feel comfortable tend to base any opportunity on what they currently need in order to make ends meet. Pattie embodies these values by matching the candidate to a position that provides an opportunity to learn, progress, and contribute to the company. Teamwork is always very key when it comes to empowering an individual to hone their expertise, allowing them the chance to grow within any organization.

Summoning the courage and strength to start her own business while also starting a family is something Pattie is very proud of. Obtaining that perfect balance is always a key challenge, but you need to totally embrace it in order to overcome it. A Director at her former company referred to her as “fearless”… and while she never thought of herself like that, hearing the compliment did make her very proud! Her goal is to continue to have a stimulating career, providing open, supportive collaboration to inspire opportunity in the market. She would like to be positioned as someone who is focused on fostering strength in others! Outside of the office, Pattie loves skiing with her family… typically taking a trip out west every year. Going bike riding and taking family vacations are great. She loves summers at a Long Island beach home, going fishing with her boys and spending time at the pool and at the beach!
