Director, IT Cybersecurity
Mosaic

Job Info

---

The Director, IT Cybersecurity is accountable for leading, establishing and maintaining an enterprise information risk management program to ensure Mosaic information assets are adequately protected. Additional responsibilities will include, but are not limited to, developing security policies, standards, and guidelines; working with business leaders to facilitate IT risk assessments and identifying acceptable levels of residual risk; managing security incidents and events; and directing security and risk management projects.

What will you do?

• Develop and implement a strategic enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned or controlled by Mosaic. Develop and enhance an information security management framework based on ISO 27001. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection. Work with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  
• Work directly with the Mosaic business leaders to facilitate IT risk assessment and risk management processes and work with stakeholders through the enterprise on identifying acceptable levels of residual risk. Work with external & internal audit on Mosaic IT controls audits. Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. Direct information security and risk management projects with resources from the IT organization as well as business representatives.
  
• Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. Create and management an information security and risk management awareness training program for all employees, contractors and approved system users.
  
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation. Actively monitor security alerts, advisories, exploits, assessing risk and leading Mosaic teams toward an appropriate response.
  
• Lead, develop and coach IT security employees in order to retain and expand organizational talent through focused attention and effort. Provide timely and constructive feedback on a regular basis to ensure employees have a clear understanding of their work, roles and the business. Manage performance issues when necessary.
  

What do you need for this role?

• Bachelor's Degree or equivalent required, with a major in Information Technology, Business Management, Computer and Information Science, or related field. Masters Degree preferred.
  
• 10+ years of Information Technology experience required.
  
• Regulatory and Risk Management experience
  
• Sarbanes- Oxley Act (SOX) experience a plus.
  
• Policy Development knowledge.
  
• Excellent communication skills and Solid executive presence.
  
• Certified Information Systems Security Professional (CISSP) - (ISC)2 preferred
  
• Certified Information Systems Auditor (CISA) - ISACA or Certified Information Security Manager (CISM) - ISACA preferred.
  
• Project Management Professional (PMP) - PMI preferred.
  

---