Full-time
Director, Information Security (Chief Information Security Officer) - Port of Seattle - Seattle, WA

$129,707 - $162,134 a year

The Port of Seattle is seeking a talented, progressive and engaging Chief Information Security Officer with significant Information Technology Security Management experience to be part of an already talented team.

The Director of Information Security will serve as the Chief Information Security Officer (CISO) of the Port of Seattle and will lead, oversee and coordinate information security and privacy efforts across the enterprise. The CISO will address integration of information security within the enterprise/technical architecture and organizational business processes and be responsible for integrating all aspects of information security across the enterprise to assure the highest level of protection of sensitive corporate electronic data.

OPPORTUNITY:
The CISO will lead the IT Business Continuity and Disaster Recovery program and provide integration and coordination with corporate, airport and seaport emergency preparedness and business continuity initiatives and procedures. The CISO will also participate as appropriate in areas of Homeland Security, cyber defense, and Critical Infrastructure Protection germane to the Port’s potential risk profile and this position. Overall this position is responsible for establishing the vision and direction for all information security and providing the strong leadership necessary to implement the vision.

ESSENTIAL FUNCTIONS:
This list is ILLUSTRATIVE ONLY, and is not a comprehensive listing of all functions and duties performed. Essential duties and responsibilities may include, but are not limited to, the following:

Department Management:
Oversee daily operations for the Port of Seattle’s Information Security personnel, including FTEs and contractors. Responsible for performance management, salary administration, disciplinary actions, career development and coaching for diverse technical staff. This position develops overall departmental direction, facilitates team meetings, and effectively communicates relevant information to peers, superiors and partner organizations including the Information and Communications Technology department (ICT). Challenge staff to develop as leaders while serving as a role model and mentor. Responsibility and authority to develop departmental budgets, present budgets for annual approval, and determine budget priorities as they relate to staffing, contracts, services, hardware and software tools, travel, supplies, and all other typical departmental expenditures.

Policy and Governance:
Direct development of enterprise-wide information security policies, standards, procedures and guidelines. Guide these requirements through the information technology governance review and approval process, then provide internal departments, partner organizations, consultants, and vendors guidance on policy implementation, and coordinate enterprise-wide compliance with appropriate internal and external information security and privacy requirements. Provide research and opinions to the CFO, Executive management and the CIO, Governance Board, and other stakeholders on legal and compliance issues and serve as the central point of contact to the public and other agencies regarding the Port’s information security practices and procedures, privacy policies, and business continuity. Monitor information security and privacy standards and legislative requirements. The CISO serves as the Port of Seattle's assigned HIPAA Security Official (as required by HIPAA Security - § 164.308(a)(2)).

Planning and Preparedness:
Maintain a strong understanding of the information security risks associated with the Port’s systems and network by means of periodic risk and vulnerability assessments with guidance from industry best practices. Oversee the coordination of IT Business Continuity and Disaster Recovery planning to ensure IT systems can respond to a disaster so that critical business functions can be resumed within a defined time frame and data loss is minimized. Develop strategic and tactical plans, and oversee the maintenance and exercise of the IT Business Continuity / Disaster Recovery plans, including coordination of crisis management plans and incident command within parameters of the FEMA Incident Command System (ICS). Work with Port-wide departmental management and information technology managers to raise information security awareness and integrate best security practices into daily operations. Coordinate and oversee training sessions on information security, privacy, and business continuity.

KNOWLEDGE, SKILLS & ABILITIES:
In-depth knowledge of information security policy, security framework, and best practices. An in-depth knowledge of information security regulations (PCI, HIPAA, PII) as well as SOX and CJIS security requirements. Substantial and deep knowledge of current and emerging technologies and their application in industries in which the Port is engaged. Knowledge and experience with enterprise security policies, security software and hardware products, network security, risk assessments, audits, security architectures, business continuity and disaster recovery, incident command practices, cryptography technologies, authentication methods, virus protection, intrusion detection, public key infrastructure, access control systems and methodologies, industrial control systems, biometrics, and privacy issues. Familiarity with the following security technologies: firewalls, IDS/IPS, virus protection, content and spam filtering, email encryption, packet capture and inspection, IPSec and SSL VPN, PKI, certificate authorities, wireless security, VoIP security, and telecommunications. Experience in incident response methodologies and practices.

Demonstrated success in leading highly technical and diverse teams that provide enterprise information security support. Highly effective staff leadership, coaching and role modeling skills. Highly communicative and works well with senior and executive management. A business-oriented technologist, capable of understanding and communicating well with internal and external customer management and subject matter experts as well as with other technology professionals. Excellent organizational skills and analytic, problem-solving skills.

Able to translate strategic technology vision and direction into project plans and tactical implementation steps required to deliver solutions. Ability to develop and understand very large and complex budgets. Ability to understand security at a holistic level, its benefits, and how to properly integrate it into an organization with minimal impediment to overall business process. Ability to understand complex, evolving compliance requirements, and communicate them back to the organization in easy-to-understand terms. Strong collaboration skills with the ability to interface with internal and external stakeholders on security policy, including ICT, Finance, Internal Audit, Human Resources, Risk Management, External Relations, Maintenance, Facilities & Infrastructure, and Legal. Ability to communicate across all levels of the organization to build consensus around complex solutions to complex problems. Ability to deliver effective presentations to large groups.
