TITLE: Manager, Information Protection
LOCATION: Metro Chicago
REPORTING TO: Director of Corporate Security
SMR Group an international executive search firm whose global practice is focused exclusively on professional and executive level corporate security positions. It’s US based company, Security Management Resources, Inc. is seeking candidates in behalf of their client for the following opportunity:
In cooperation with senior management at the client's organization, will be responsible for the information asset protection program. Responsible for designing and implementing programs for mitigating identified risks and protecting the confidentiality, integrity, and availability of the company’s information assets. Serves as the champion of information protection by working to ensure business information owners are held accountable for each of their respective areas as it relates to business continuity, compliance and securing proprietary information assets. Leads the company’s efforts in pursuing best practices such as adopting or modeling the ISO17799/BS 7799 framework.
• Responsible for overall coordination with all functional areas, affiliates and parent corporation in order to gain support for information protection programs that will comply with information security best practices such as ISO 17799/BS 7799.
• Develops and implements best in class information protection strategies and methods.
• Prepare, develop and recommend global information protection strategies to senior management and Parent Corporation in order to protect the organization's information assets.
• Leads the overall development and implementation of information protection policies in concert with other functional areas such as Legal, HR and IT.
• Periodic reports including key performance indicator metrics will be prepared and presented to various parties including internal groups such as an “Information Protection Steering Committee.”
• Identifies information protection risks and vulnerabilities and makes cost- effective, reasonable recommendations.
• In consultation with each business unit, assists in the design and implementation of an information classification program classified by information owners, and provides self-assessments designed to uncover areas needing improvement. Each business unit retains ultimate responsibility for protecting information.
• Collaborates with each function, in order to ensure that appropriate internal controls over information security and protection are in place and routinely tested.
• Will address all aspects of information protection programs across the company, including those related to statutory requirements such as California Senate Bill No. 1386 that protects the confidentiality of personally identifiable customer information, as well as other local, state, federal or international regulatory bodies.
• Provides subject matter expert guidance to a number of areas including Legal, HR, Office of Ethics and Compliance.
• Reviews and implements security administration that adequately accommodates separation of duties where needed.
• Builds and maintains networks with people across organization and gains support of stakeholders within the Company as needed to achieve plan goals.
• Oversight and responsibility for performing forensic reviews as necessary.
• Develops and implements information protection awareness programs.
• Bachelors Degree required, Masters Degree or law degree preferred
• Preferred Degrees
• Information systems, Business Administration, Accounting, Criminal Justice, Management
• Preferred: CISM, CISA, CISSP, CFE, CPA
• 7 or more years related experience
• Demonstrated success in developing and implementing information protection strategies and programs.
• Worked in a Corporate Security, IT Information Security, Internal Audit or related field for a minimum of 7 years. Preferably in a leadership role.
• Understanding and working knowledge of current information security and protection trends and best practices (GASSP/ISO17799/BS7799).
• Knowledge of U.S. privacy regulations and European privacy standards.
• Working knowledge of applicable concepts and methodologies such as continuous quality improvement and auditing experience.
• Wide range of technical skills (MS, Unix, SAP, and Oracle would be a plus).
• This position requires the individual to have excellent organizational and technical skills.
• Must have exceptional written and oral communication skills. Experience and ability to communicate with executive team members.
• The individual will need to be able to lead and champion the initiative with all levels of employees.
• Must have excellent analytical skills, problem solving ability and the ability to plan for the future needs of our growing company.
Interested candidates should submit their resumes via the position posting on the SMR website at: http://www.smrgroup.org/SMR-Jobs.htm
+ Reply to Thread
Results 1 to 2 of 2
02-14-2008, 03:32 PM #1Member
- Join Date
- Sep 2006
Manager, Information Protection Wanted
02-14-2009, 06:45 AM #2Junior Member
- Join Date
- Jan 2009
I enjoyed reading this job description
I enjoyed reading the above job description, as I am very familiar with all the metrics described. However, the web-site link appears broken, as the site doesn't offer the opportunity to submit credentials.
David Sweigert, CISSP, CISA, PMP