Director, Corporate Information Security

Penguin Random House
New York
07 Jun 2022
25 Jun 2022
Employer Sector: Technology, IT & Telecoms
Contract Type: Full Time
Are you passionate about information security, risk management, privacy, compliance and strategy? Penguin Random House is seeking a Director of Corporate Information Security to join its team. The successful candidate will lead the implementation and management of programs across business and technology units covering governance, risk and compliance (GRC), fraud, data security, vulnerability management, and application and cloud security.

* Assist the Global CISO in the development, implementation, and maintenance of information security procedures, standards, and guidelines. Oversee the localized approval, training, and dissemination of security policies and practices
* Facilitate the information security risk and control assessment process, as well as support internal and external compliance programs
* Proactively monitor key risk indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk, and control gaps
* Monitor business unit metrics and the reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program
* Act as a liaison between management, product owners, technology operational risk, and internal audit functions
* Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
* Provide strategy for the implementation of control improvements, including process enhancements and use of automated data collection techniques
* Oversee information security awareness training programs for US employees, contractors, and approved system users
* Monitor external threat intelligence information to identify potential fraud or other malicious activity and escalate when necessary
* Conduct incident response and business continuity simulations to ensure the readiness of personnel in the event of an incident or disaster
* Manage the third-party risk assessment process to identify potential security and privacy risks and ensure that our vendors comply with internal policies and procedures
* Show ownership and leadership skills in coordinating projects across multiple teams, driving them to successful conclusion while building strong, lasting relationships with both internal and external stakeholders
* Demonstrate the ability to break abstract goals into attainable, measurable work items

* At least 10 years of experience in information security advisory or IT risk management, preferably in a complex, large-scale environment
* Proficiency in information security domains, including policies and standards, risk and control governance and assessments, secure systems development lifecycle, access controls, regulatory compliance, technology resiliency, incident management, vulnerability management, and data protection
* Strong project management and execution skills for driving enterprise-wide risk initiatives
* Experience working with cloud computing environments and respective controls
* Strong analytical and problem-solving skills
* Working knowledge of information security and privacy frameworks such as ISO 27001, PCI DSS, CCPA and GDPR
* Certifications such as CISSP, CISM, CRISC or CISA are preferred