Director Information Security/BISO

             

 

 

The Director Information Security will be responsible for all aspects of information security across all of IT including developing and maintaining a robust security strategy with solid security policies; protocols and procedures across enterprise security architecture, security operations center (within the SOC), data center security, network security including cloud security, and application development with appropriate security measures and initiatives.

 

What you’ll do: 

 

• Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program
• Develop, provide and publish a blueprint defining LZ’s technology security architecture and design
• Responsible for a comprehensive network security deployment and compliance strategy
• Identify and define new information protection and data security requirements and convert them to active projects with assigned priorities and completion dates
• Maintain understanding of all computer operating systems, hardware, software, and communications platforms and protocols leveraged in the organization
• Guide the organization on the appropriate Information Security services, mechanisms, technologies and features
• Establish a corporate security council with delegates from other departments
• Coordinate information security initiatives with IT, Legal, Operations and Privacy stakeholders
• Closely monitor emerging information security threats, assess the company’s risk exposure to them, implement mitigating measures and communicate this information to key stakeholders on a timely basis
• Conduct regular reviews and provide exception/exposure reporting and remediation plans to leadership
• Responsible for IT Security Audit and Risk Management (PCI & best practices). Coordinate vulnerability assessments of deployed software applications and enterprise systems, to include penetration testing, architecture reviews and patch management.
• Establish strong working relationships with third party providers for ongoing or ad hoc security initiatives
• Assist in the evaluation of outsourced/third-party technologies as related to the management, transmittal, protection and storage of corporate data
• Develop security related training programs, awareness campaigns, metrics and skills for the organization
• Implement enterprise-wide security controls to ensure the confidentiality of data across multiple geographically separated data centers
• Own and maintain IT policies and procedures relating to information security
• Ensure security logs are reviewed on a regular basis (NOC/SOC and/or other Tech resources)
• Own the hardening and compliance of all infrastructure/security appliances and software including Firewalls, VPNs, IP load balancers, IPS, file integrity monitoring software, and Security Event Information Management system (SEIM)
• Lead evaluations and implement new technologies related to information security

 

Qualifications/Skills 

 

• Minimum of 15+ years of Information Technology Experience, with 7+ of those in the area of information security
• Bachelor’s degree in Information Technology or Computer Science
• Certifications CISSP, CCSA, CCSE, MCP, MCSE (MCP+I)
• Proven ability to lead and apply information security, risk management and privacy practices
• Demonstrated understanding of Payment Card Industry/Data Security Standard (PCI-DSS)
• Demonstrated experience with information system disaster recovery planning and testing, auditing, and risk analysis
• Significant understanding of IT Infrastructure technologies including network, server (Windows & Linux), end-point, mobile, storage and how security relates to the overall IT
• Excellent written and verbal communication skills and interpersonal collaborative skills to be able to communicate security and risk-related concepts to technical and non-technical audiences
• Ability to lead and manage technical, security related projects
• Strong vendor management skills 
• Comfortable with a highly visible role
• Accountable – establishes and meets aggressive expectations
• Collaborative
• Acts locally with a strategic perspective
• Positive leadership style
• Detail Oriented
• Strong Verbal and Written Communication Skills
• Able to be an active participant in design and communicate design approach
• Possess current information security credentials

             

LegalZoom is an Equal Opportunity Employer, dedicated to diversity.