Director of Information Security, CISO
The Director of Information Security is the Chief Information Security Officer (CISO) for TravelClick and is responsible for directing and coordinating information technology security efforts across the company by assessing and reporting information risk, recommending risk mitigation strategies, and establishing protection goals, objectives, and metrics consistent with the corporation’s strategic plan. This role manages the development and implementation of global security policy, standards, PCI compliance, security guidelines, and procedures to ensure ongoing maintenance of security. The Director will oversee incident response planning, as well as the investigation of security breaches, while assisting with legal matters associated with such breaches as necessary.
- Conducts annual information risk assessment of the organization and reports results and mitigation strategies and plans to the senior leaders of TravelClick. Updates and communicates assessment throughout the year as needed.
- Influences leaders throughout the organization to adopt business strategies and practices which manage information risk to an acceptable level and maintain compliance with regulatory requirements.
- Works closely with CIO and Chief Architect to ensure IT roadmaps, strategies, and initiatives are consistent with the organization’s information risk management strategy.
- Holds leaders across the organization, and especially within IT, accountable for delivering secure, compliant information systems.
- Communicates information risks and the status of security related initiatives regularly to CIO and senior leaders within the IT organization.
- Manages team of information security professionals and interns. Responsible for recruiting, hiring, evaluating, and coaching performance improvement for members of the team.
- Analyzes issues related to information technology policy, assesses current issues, performs technical and legal research, and reports findings.
- Develops technology appropriate use policies in conjunction with Legal, Internal Audit, IT, Human Resources, Privacy, and Security.
- Develops and administers appropriate sensitive information handling and storage policies, as well as awareness and educational programs.
- Leads the company’s overall PCI compliance program, managing the initiative across the company.
- Guides policies through appropriate review, approval, and endorsement processes.
- Communicates technology and information policies to the Corporation through presentations, memos, articles, classes, etc.
- Interacts with related disciplines to ensure consistent application of policies and standards across all technology projects, systems, and services.
- Conducts regular training of both development and engineering teams on security practices. Ensures proper education of personnel on use of OWASP security frameworks.
- Analyzes and tracks reports of inappropriate use of technology and company/personal information, including computer security incidents, and guides the investigation and resolution of such incidents.
- Interacts with Audit, Legal, IT, Human Resources, Privacy and Security to ensure effective communication and management of security policies.
- Coordinates the development and maintenance of disaster recovery and business continuity/resumption plans and procedures, for the timely recovery of critical business functions supported by IT.
- Continually assesses and reports on computer systems and telecommunications security risks within the IT environment.
- Develops and maintains mechanisms for identifying, authenticating, and authorizing users accessing IT resources and information.
- Provides security related input to strategic and tactical planning, budget preparation, initiatives and projects planning, internal and external reporting, and other management activities, as required.
- Bachelor’s or Master’s degree in Computer Science or Information Systems Management
- Six (6) years of managerial experience in computing or related technology areas, of which 2 years must be in high-level security strategy and operations
- Extensive experience with data, application, and computer security
- Professional certification is highly desirable (CISSP)
- Dynamic leader with proven ability to build, grow, and motivate teams and a strong track record of acquiring and retaining top talent
- Detail-oriented, well-organized, and able to multi-task in a results-oriented business environment
- Strong analytical and problem-solving skills
- Strong communication and interpersonal skills are required