Overview ID.me is looking for a Director of Technology for Security and Risk Management. Reporting to the Chief Technology Officer, the Director of Technology for Security and Risk Management will be accountable for defining strategy and governing principles for information security, data privacy, and risk management, as well as overseeing specific goals, objectives, and execution plans to deliver the strategy. Responsibilities include implementing, administering and enforcing security policy and systems to assure system reliability, data confidentiality and integrity, monitoring ongoing security operations and managing security incidents, remediating security vulnerabilities in IT software and systems, managing all aspects of security architecture, and overseeing all applicable audits and certification efforts.
Our ideal candidate will have hands-on knowledge & experience with industry-leading technologies and products supporting information security, cybersecurity, data privacy, risk management, and compliance, and have experience working with key government and industry-based regulations, standards, and implementation framework such as NIST 800-63-3, ISO27001, FICAM and HIPAA.
- Performs information technology (IT) and Business Unit operational governance functions and internal/external audit facilitation and coordination.
- Leverages the ISO 27001 ISMS methodology to coordinate and deliver a security program that complies with multiple information security regulatory, certification, and guidelines.
- Develops and maps out security policies, standards, and procedures to industry or regulatory requirements across the businesses.
- Researches, implements and maintains third-party risk assessment technology solutions to track and manage the compliance of each business against the information security policies, standards, and procedures.
- Partners with product and engineering stakeholders to implement new security tools and vendors.
- Tracks, monitors and resolves internal and external issues and incidents.
- Leads the effort in identifying and evaluating the organization’s risk areas and provides input and solutions to the leadership team and key stakeholders.
- Facilitates internal and external audits by coordinating field work-data collection between Auditors and Business Unit’s process/control owners.
- Acts as liaison with IT business partners and business process or data owners to ensure full understanding of data flow, data integrity and system security.
- Assesses information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information.
- Provides or assists in providing training, coaching and guidance to process/control owners in conducting IT audits and other IT audit-related issues.
- 10+ years of professional experience in the information security field.
- CISSP, CISA, CRISC or equivalent certifications strongly preferred.
- Information Security experience in multiple security areas including; network security, application security, server compliance, policy and standards management, and/or identity management.
- Must have experience with compliance and risk assessment methodologies including or similar to ISO 27001 and FICAM.
- Experience in performing new systems development audits, or related work experience.
- Experience with working and interfacing with IT, Product Development and Engineering personnel.
- General knowledge of elements of IT infrastructure, applications and support.
- Strong project management experience with managing multiple large to medium sized projects.
- Strong ability to analyze and understand business and technology needs.
- Leadership abilities with running multiple projects.
- Ability to create and update documentation of policies, standards, and procedures.
- Strong audit management, coordination, and response experience.
- Must have excellent project management experience and leadership skills to manage and work on multiple ongoing risk assessment projects.