Director, IT Security and Compliance

NaviSite, a Time Warner Cable company, is a leading provider of cloud-enabled enterprise hosting and application management services. It provides customized and scalable solutions, leveraging its industry-leading hosting infrastructure; full suite of managed services; and custom and packaged application life cycle management expertise. More than 1,500 customers depend on NaviSite for customized solutions delivered through its global footprint, comprised of state-of-the-art data centers. For more information, please visit www.navisite.com.
JOB SUMMARY:
The Director, Information Security & Compliance will be responsible for maturing the company's information security strategy based on implementation of various security technology and management, key processes, practices, and standards necessary to manage the risks and security. This position will ensure that security controls and considerations are consistent and remain relevant throughout the organization to protect the company from Cyber Security threats as well as meeting regulatory requirements and industry best practices such as PCI and IT SOX.
ESSENTIAL JOB FUNCTIONS:


  • Develop the security governance model by following industry best practices such as ISO 27002, NIST Cyber Security Framework, or NIST 800-53 to achieve desired security maturity model

  • Manage continuous enhancement of cyber security awareness program and improvement on risk management

  • Develop and establish executive dashboard reporting on Cyber Security events and trends and publish to senior management and key stakeholders

  • Create a process to periodically update policies and procedures to ensure they accurately reflect business requirements and align to industry leading security practices

  • Enforce Baseline Hardening Standards across organization

  • Strengthen the processes and procedures to aggregate logs, correlate events, and detect incidents

  • Direct access review across all applications to help better understand where unauthorized access is granted and can be removed

  • Frequently partner with IT to formalize the patch management program, review the patches, evaluate the risk, and apply the patches using a risk based approach

  • Conduct periodic vulnerability scanning process and penetration tests

  • Direct PCI and IT SOX compliance effort in partnership with Internal Audit Team

  • Manage third party risk management program in partnership with cross-functional teams

  • Some technical responsibilities and knowledge related to IDS, IPS, SIEM

  • Experience with implementation and operations is a plus.

  • Developing and maintaining information security policy and controls as well as leading education/awareness efforts.


MINIMUM QUALIFICATIONS:
Knowledge & Experience


  • Bachelor's degree in computer science or related field

  • 10+ years of experience in information security

  • 5+ years of management experience

  • CISSP, CISA, or CISM preferred

  • Experience with developing security frameworks such as ISO, NIST, PCI, and IT SOX audit requirements and security attack vectors

  • Experience with data classification, access control, and security models

  • Experience with implementing and managing DLP, Privileged access and identity management, Password vault, GRC, and ERM tools

  • Experience with various authentication protocols and encryption algorithms



Company Description:

Time Warner Cable is among the largest providers of video, high-speed data and voice services in the United States, connecting 16 million customers to entertainment, information and each other. Time Warner Cable Business Class offers data, video and voice services to businesses of all sizes, cell tower backhaul services to wireless carriers and enterprise-class, cloud-enabled hosting, managed applications and services. Time Warner Cable Media, the advertising sales arm of Time Warner Cable, offers national, regional and local companies innovative advertising solutions.

