ClearpointCo
Location: Magnolia, TX, USA
Date: 2025-01-01T07:04:30Z
Job Description:
TITLE: Security Risk & Compliance IT Director
CLIENT: Property Holdings
LOCATION: The Woodlands TX / Houston TX
TYPE: Permanent
SALARY: DOE
URGENCY: Interviewing Now

SUMMARY: The Director of IT Security is responsible for developing, implementing, and maintaining the enterprise vision, strategy, and program to safeguard the company's systems and data. The Director of IT Security will work closely with the executive and IT leadership teams and other stakeholders to develop and implement a comprehensive information security program that effectively manages risk and protects the confidentiality, integrity, and availability of critical systems and data.

DUTIES:
- Develop and lead the execution of the information security strategy, aligning it with the overall business objectives.
- Define and communicate security policies, procedures, and standards across the organization.
- Continuously monitor industry trends and emerging threats to adjust the security strategy as needed.
- Provide guidance to the executive leadership team and Board of Directors on comprehensive cybersecurity strategies and recommended actions.
- Provide regular updates on the status of the IT cybersecurity program to Executive Leadership and the Board of Directors.
- Identify, assess, and prioritize security risks and vulnerabilities.
- Implement risk mitigation strategies and security controls to safeguard the organization's assets.
- Monitor and provide real-time analysis and mitigation of security threats.
- Establish and maintain a robust security governance framework.
- Oversee compliance with relevant frameworks and regulatory requirements (e.g., GDPR, ISO 27001, NIST, etc.).
- Ensure compliance with legal and ethical standards in information cybersecurity practices across the organization.
- Develop and maintain a comprehensive incident response plan to address security events.
- Lead incident response efforts, coordinate with external resources, and oversee recovery and remediation efforts.
- Lead the security operations in monitoring, detecting, and responding to security incidents and threats.
- Manage and maintain security technologies such as intrusion detection systems, firewalls, and endpoint security solutions.
- Develop and administer security awareness programs for company personnel to ensure that we are well-informed about security policies and best practices.
- Conduct regular security assessments, vulnerability scans, and penetration testing to identify and remediate weaknesses in the organization's technology environment.
- Continuously evaluate the security posture of third-party vendors and service providers.
- Collaborate with Legal and Procurement teams to ensure that cybersecurity requirements are included in contracts and agreements with external parties.
- Develop and manage the information security budget, organization structure including staff and vendor cybersecurity organizations, cyber security technology stack, and training resources.
- Ensure the efficient use of allocated resources to meet security objectives.
- Assists in reporting to the most senior levels of the Company (Executive Team, the Board of Directors, and subcommittees). Reporting to include the Company's overall cyber strategy, cyber related metrics, industry updates, risk mitigation and the status on other cyber related initiatives.

REQUIREMENTS:
- Over 10 years of experience in information security, including a minimum of 5 years in a senior leadership role.
- In-depth knowledge of cybersecurity principles, technologies, and best practices.
- Strong understanding of regulatory requirements and compliance standards.
- Excellent communication and leadership skills.
- Proven ability to build and lead a high-performing cybersecurity team.
- Excellent interpersonal, verbal, and written communication skills.
- Ability to present complex information to all levels of the organization.
- Capability to operate in a dynamic work environment with competing priorities.
- A team-oriented individual who can multi-task and is self-directed.
- Demonstrates sound judgment in decision-making when not all information is available.
- Strong problem-solving and critical thinking abilities.

EDUCATION:
- Bachelor's degree in computer science, information technology, or a related field. Master's degree preferred.
- Certified Information Systems Security Professional (CISSP) or equivalent certification.