Director, IT Security

Job ID: 2021-2142
Category: Information Technology
Job Locations: US-IL-Niles

Overview

Don't get hacked and miss out on this global leadership opportunity!

 

As the Director, IT Security based at our corporate headquarters in Niles, IL, you'll own, define and maintain the global information security program at Shure! Reporting directly to the CIO, you will ensure that our information assets and associated technologies are protected - this also includes identifying, evaluating and reporting on legal and regulatory items, IT fraud and cyber security risk, while supporting and advancing business objectives. To be successful, this role requires strategic, results-oriented experience to lead the overall IT security strategy, vulnerability management, incident management, execution of application security standards, and security monitoring with a global focus. Looking for a role where you can make an impact? Join our team!

 

This role will ideally be based out of our Niles HQ with hybrid flexibility. 

Responsibilities

  • Determine global vision for information security assets, policies, and standards.
  • Develop and maintain continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these policies and procedures.
  • Identify and communicate security protection goals and objectives with suitable measurement KPIs to support the business security requirements.
  • Responsible for resource allocation, including budget, for the entire function/area.
  • Provide regular reporting on current status of information security program to senior leadership team.
  • Audit all aspects of information security and facilitate integration with revenue optimization, fraud, and merchant management teams to ensure that all information owned, collected or controlled by or on behalf of the Company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Evaluate and provide recommendations for risk mitigation and insurance policies for cybersecurity.
  • Define and monitor the information security incident processes to include incident response procedures and SWAT approach for resolution; coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security incident; provide direction, support and in-house consulting in these areas.
  • Partner with the enterprise architecture teams to build alignment between security and enterprise (reference) architectures and secure coding standards, to ensure information security requirements are implicit and built in to product design and development.
  • Define and build partnerships with external partners for providing forensic investigation, incident response support and other services as identified.
  • Serve as an internal information security consultant to the various business stakeholders to assist / advise / educate on all aspects of information security and compliance.
  • Ensure proper access controls and identity verification are in place.
  • Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention.
  • Actively collaborate with the Company’s other functional departments charged with security matters (Facilities, Finance, Legal, Human Resources, etc.) to build and maintain a comprehensive global security program for the Company.
  • Initiate, facilitate, and promote activities to create information security awareness within the organization.
  • Provide direct information security training to the workforce.
  • Establish governance and monitor compliance with the organization’s security policies and procedures among Associates, contractors and other third parties and take corrective action where necessary, including roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
  • Create and manage a unified control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Monitor advancements in information security technologies and make recommendations for Shure’s protocol accordingly.
  • Build and maintain external networks consisting of industry peers, ecosystem partners, vendors, and security entities (FBI, USSS, Local Law Enforcement, etc.) to address common trends, findings, incidents and cybersecurity risks.
  • May manage the work efforts of supervisors/individual contributors with responsibility for all personnel activities including hiring, firing, performance appraisals, and pay reviews. 
  • Performs other duties as assigned.

Qualifications

  • Bachelor’s degree in Business Administration or related field.
  • Minimum of 12 years of experience in a combination of risk management, information security and IT roles with at least five years in an information security role.
  • Minimum of five years of experience in an IT leadership role, preferably in information security.
  • Subject matter expert in PCI and GDPR compliance as well as ISO 27001 and NIST Security Frameworks.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of security and compliance.
  • Extensive knowledge of their discipline and a working knowledge of related fields. 
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Outstanding leadership skills including communication, ability to collaborate with and influence others, sense of urgency, nimbleness, creative thinking and personal integrity.
  • Strong people leadership skills including development, mentoring, coaching, motivation, and ensuring a collaborative work environment.
  • Project management skills including financial/budget management, scheduling and resource management.
  • Ability to recognize and execute on strategic and adjacent opportunities to create efficiencies or reduce risk.
  • CISSP-ISSMP, CISM, CISA or similar industry certifications.
  • Able to direct and control the activities of information security.
  • Previous experience working with other senior managers in establishing strategic plans and objectives.
  • Able to make final decisions on administrative or operational matters and ensure objectives are achieved.
  • Able to participate in corporate development of methods, techniques, and evaluation criteria for projects, programs, and people.
  • Demonstrated ability of working on complex issues where analysis of situations or data requires in-depth knowledge of the Company.
  • Past interaction with executives and/or major customers involving negotiation or attempting to influence senior level leaders regarding matters of significance to the organization.
  • Past experience having overall control of planning, staffing, budgeting, managing expense priorities, and recommending and implementing change.
