Director of IT Security

About The Position

Requirements

• Bachelor’s degree in Information Security , Computer Science, or a related field; Master’s degree preferred.
• Professional certifications such as CISSP, CISM, or CISA.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• In-depth knowledge of regulatory requirements and standards relevant to aviation and healthcare.
• Proven experience in developing and implementing security strategies and technologies.
• Excellent leadership, communication, and interpersonal skills.
• Ability to work effectively in a fast-paced, dynamic environment.
• Must have hands-on technical skills to evaluate technology, design, and document controls.

Nice To Haves

• Master’s degree preferred.

Responsibilities

• Strategic Leadership Develop and implement a comprehensive information security strategy aligned with organizational goals.
• Provide leadership and direction for the information security program, including governance, risk management, and compliance.
• Risk Management Identify , assess, and prioritize information security risks, and develop strategies to mitigate these risks.
• Ensure compliance with relevant regulatory requirements and standards, including HIPAA, GDPR, DFAR, SOX and industry-specific regulations.
• Policy and Compliance Establish and maintain security policies, procedures, and standards.
• Monitor compliance with information security policies and procedures and take corrective action as needed.
• Incident Response Develop and implement an incident response plan, including detection, response, and recovery processes.
• Lead the response to security incidents, including investigation, mitigation, and reporting.
• Technology and Infrastructure Oversee the implementation and management of security technologies and tools, including firewalls, intrusion detection/prevention systems, and encryption.
• Ensure the secure design, development, and deployment of IT systems and applications.
• Training and Awareness Develop and implement an information security awareness and training program for all employees.
• Foster a culture of security awareness and vigilance across the organization.
• Collaboration and Communication Collaborate with other executives and stakeholders to integrate security into business processes and initiatives.
• Communicate security risks and strategies to the board of directors, executive team, and other key stakeholders.
• Vendor and Third-Party Management Assess and manage the security posture of third-party vendors and partners.
• Develop and enforce security requirements and agreements for external partners.