Director, Information Security

Information Security Responsibilities

• Promote and enforce awareness of key information security practices, including acceptable use of information assets, malware protection, and password security protocols
• Identify, assess, and report security risks, focusing on how these risks impact the confidentiality, integrity, and availability of information assets
• Understand and evaluate how data is stored, processed, or transmitted, ensuring compliance with data privacy and protection standards (GDPR, CCPA, etc.)
• Ensure data protection measures are integrated throughout the information lifecycle to safeguard sensitive information

Position Overview

• We are looking to hire a new Information Security Director who will work directly with our SVP of Information Security, Bounteous x Accolite team members, lines of business and clients to help protect the data, products and infrastructure against security threats by identifying potential problems with security systems. The role will be working with the IT and Risk teams (and other BUs/teams) to meet security and compliance needs, including but not limited to: penetration testing, security monitoring, incident response, threat management, auditing devices for strong security postures, and staying current with the latest Information Security trends and news.

Role and Responsibilities

• Strong technical backgrounds (ideally strong knowledge of upper right, Gartner leading security platforms, products, or services) with the ability to proactively identify and mitigate technical risks throughout their life-cycle
• Responsible for working with internal Lines of Businesses to help them address client queries regarding Bounteous' information security posture, future strategy and current controls
• Facilitation of the completion of security questionnaires, managing requests, and assignment tracker
• Supporting the Lines of Business and clients in facilitating such reports including certifications (e.g., SOC, ISO, etc.) to a successful outcome
• Working with internal corporate teams to address questions in the area of IT, Infrastructure, Supplier Risk Management, Cyber Defense, and application teams to facilitate responses related to application functionality and security
• Vulnerability Management and reporting that feeds into the Information Technology’s workflow for resolution
• Facilitate penetration testing on internal environments to ensure a strong security posture
• Analyzing security breaches to identify the root cause
• Lead the deployment of compliance, administrative, and detection solutions to enhance the organization’s security posture
• Continuously updating the company’s incident response and disaster recovery plans
• Verifying the security of third-party vendors and collaborating with them to meet security requirements
• Managing Account review and entitlement processes
• Work with security vendors and partners to preform scheduled security testing and reporting

Preferred Qualifications

• BA/BS in Computer Science and or equivalent experience
• 10+ years of experience/background in information security, information security auditor, IT audits and/or previous roles as a business information security officer is a plus
• Information Security specific qualification is desirable (such as CISM, CISA, CISSP)
• A quantitative approach to problem solving and a collaborative implementer to holistic solutions; a systems thinker
• Ability to assess security and business risks, analyzing and presenting critical risks and potential remediation activities to all levels of management within the business
• Proficient in the use of MS Office product suite(365)
• Ability to work flexibly to meet demanding deadlines
• Deep focus on execution, follow-through, accountability, and results
• Strong time management and organizational skills with the ability to manage multiple tasks and change priorities
• Exceptional communication and collaboration skills
• Excellent problem solving and influencing skills
• Exceptional cross-team collaboration; able to work across different functions, organizations, and reporting boundaries to get the job done