Director of Information Security
: Job Details :

WestchesterInformation TechnologyFull-timeTarget annualized salary for this role: $180k - $210k

Position Overview

Join the Follett Team, where team members are valued, respected, and offered career paths throughout its many campus locations.

Follett serves over half of the students in the United States and works with 80,000 schools as a leading provider of education technology, services, print, and digital content. We're higher education's largest campus retailer and a hub for school spirit and community as we operate over 1,000 local campus and online stores across the continent. We take pride in the fact that for more than 140 years, we have been helping to improve people's lives by supporting a lifetime of learning and education.

We are looking for a results-driven Director of Information Security to join the Follett team.

The Director of Information Security is an experienced professional who can manage people, processes, and technology in a fast-paced operational environment. Must have excellent interpersonal skills, the ability to develop important relationships with key stakeholders, and good conflict management and negotiation skills. Ability to identify issues and raise them to key stakeholders to create relevant and realistic plans, programs, and recommendations and facilitate execution against objectives where needed. Must have a demonstrated ability to translate strategy into action, excellent analytical skills, and an ability to communicate complex issues straightforwardly to non-technical parties and Executive Leadership. The Director will manage a portfolio of security tools, vendors, service providers, and platforms to maximize efficiency and return on investment. A broad understanding of scaled enterprise infrastructure, networks, internet applications, IaaS/PaaS/SaaS technologies, virtualization, operating systems, and hardware platforms in a multi-datacenter/multi-cloud provider environment is required.

Responsibilities

Specific duties include leadership of a geographically distributed team, oversight of security operations and tactical execution, procedure development, contributing to the overall strategy, and participation in technical projects. Specific functional areas of responsibility and proficiency include Security Engineering, Security Architecture, and Security Operations. This includes End Point, Email Security, Logging and Monitoring, Event and Incident Management (SEIM), Firewall management and monitoring, proxy server management and monitoring, and third-party service provider management. The Director is responsible for driving process implementation, refinement, troubleshooting and monitoring, short and long-term project success, cross-team collaboration, tuning, metrics, and KPIs driving proactive improvements. The Director will function as a catalyst for change, driving continuous improvement across all aspects of security technology to the benefit of the organization.

Information Security Operations, Engineering & Architecture:

• Directs oversight and continuous improvement of the core functions expected from the Security Operations, Architecture & Engineering program at the enterprise scale.
• Researches, develops, and stays abreast of tools, techniques, and process improvements supporting security operations & engineering as well as the needs of other stakeholders within Cyber Security.
• Maintains knowledge of potential and emerging information security threats, vulnerabilities, and control techniques and assists IT and business staff in understanding and responding.
• Designs processes and implements and manages tools that protect Follett's data and systems.
• Ensures that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected throughout the digital ecosystem.
• Provides guidance and recommendations regarding the prioritization of investments and projects that mitigate risks, strengthen defenses, and reduce vulnerabilities.
• Monitors the threat landscape as it applies to Follett's and takes appropriate steps to reduce exposure.
• Builds, leads, manages, and motivates teams (matrixed and direct) in a dynamic, rapidly evolving, cross-functional environment centered around the use of people, processes, and technology.
• Oversees a managed portfolio of security technologies and services, ensuring health, efficiency, cost-effectiveness, and return on investment.
• Builds and drives the strategy around enhancements to vulnerability management and application security programs.
• Collaborates with leadership and peers to establish and maintain accurate reporting of key performance and key risk indicators for information security.

Risk & Compliance:

• Designs, deploys, and operates technical security controls in alignment with the guidelines established in corporate policies and standards in support of regulatory compliance efforts.
• Continuously monitors the effectiveness of technical security controls ensuring control objectives are met.
• Relevant compliance expertise for the industry and familiarity with, or certifications including, ISO, SOX, CISSP, NIST, and PCI.
• Facilitates the implementation of a security review board, coordinating with governance, risk, and compliance to integrate with the security exceptions process.

Minimum Requirements:

• Bachelor's degree or equivalent - Computer Science, Engineering, or related discipline OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
• 10 years of IT Security experience, including cloud security architecture and design such as Azure, AWS, and IBM.
• Strong written and oral communication skills and the ability to engage positively with the business community and IT management, staff, and customers.
• Strong knowledge of security architecture for applications and infrastructure.
• Experience implementing PCI/DSS requirements and acquiring Level 1 PCI certification.
• Experience with common regulatory and security frameworks such as NIST CSF, PCI-DSS, COBIT, and ISO 27001 is required.
• Ability to relate business requirements and risks to technology implementation for security-related issues.
• Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
• Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert.
• Highly motivated with focused attention to detail.
• Strong analytical and problem-solving skills.
• Strong project management skills, especially in a cross-functional environment.
• Strong interpersonal skills: the ability to manage employees, service providers, contractors, and consultancy in a distributed and matrixed environment.
• Standard working hours, 8 am-5 pm, with on-call status 24/7.

Relevant industry certifications are a plus:

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacking (CEH)
• EC-Council Certified Security Analyst (ECSA)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Manager (CISM)