Job Specifications
About Eleven Recruiting
We are a specialized technology staffing agency supporting professional and financial services companies. Why do we stand out in technology staffing? We listen and act as advisors for our candidates on how they can best add value, find interesting projects, and pave a path for career advancement. We advocate for the best pay, diversity in tech, and the best job fit for every candidate we place.
Our client, a global investment firm, is seeking an experienced Director of Information Security to join their team in Los Angeles, CA!
This role will ensure compliance with industry regulations and standards, enforce robust policies, and provide strategic direction for the firm’s information security roadmap. The Director will lead a team of security professionals dedicated to mitigating risks and responding to incidents, protecting the firm’s systems, sensitive financial data, client information, and intellectual property from cyber threats.
Responsibilities
Develop, maintain, and enforce the firm's information security policies, procedures, and standards in accordance with legal and regulatory requirements, such as SEC, FINRA, GDPR, and any applicable financial industry regulations.
Lead and oversee the firm's information security program, including cybersecurity, identity management, risk assessment, incident response, and security awareness training.
Manage a comprehensive security strategy that includes network defenses, endpoint protection, data loss prevention, threat intelligence, and security monitoring.
Collaborate with key stakeholders to align security initiatives with business objectives and risk management strategies.
Conduct regular security audits, vulnerability assessments, and penetration tests to evaluate the effectiveness of security controls and policies.
Work closely with IT leadership to ensure the secure implementation of new technologies and the review the effectiveness of security controls and policies around existing architecture.
Lead the incident response team in managing and investigating security breaches and incidents while minimizing business impact.
Develop and oversee a vendor risk management program to ensure third-party compliance with the firm’s security standards.
Collaborate with legal and compliance departments to ensure all data privacy practices align with legal requirements and to provide supporting documents for security governance programs.
Prepare and manage security budgets and forecasts, ensuring the strategic allocation of resources.
Manage, mentor and develop a team of technology and security professionals, nurturing a culture of teamwork, integrity, excellence, humor, and results.
Stay abreast of the latest security trends, threats, and technologies to maintain the firm's cyber security resiliencies and capabilities.
Regularly report to executive management and cyber security committee on the state of information security program, potential risks, and recommendations.
Develop, standardize, and maintain security documentation, including the Information Security Program, Incident Response Plan, Security Policies and Procedures, and Infrastructure Presentations.
Identify third-party vendors for security due diligence of both external and internal applications used by the firm.
Conduct account audits and sensitive data validation audits, leveraging the data classification system.
Audit and maintain records of Active Directory data ownership, distribution list memberships, and employee access and approvals.
Monitor daily security alerts, log review, and maintain records of security incidents.
Manage the documentation for Windows and third-party patching processes and security hardening measures.
Provide new hire security training, conduct monthly phishing exercises, and maintain security training documentation.
Schedule and document annual risk assessments, penetration tests, and bi-annual disaster recovery tests, including maintaining the disaster recovery notification system.
Keep the employee status roster up-to-date in coordination with HR.
Oversee the creation and maintenance of onboarding/offboarding documentation and the electronic keycard register.
Act as the firm's main point of contact for managed security service providers and vendors.
Regularly inform the firm of significant security updates and maintain ongoing security-related communications.
Qualifications
A minimum of 10 years of experience in information security, IT risk management, or related field, with at least 5 years in a leadership role.
Bachelors or master's degree in Information Security, Computer Science, Information Systems, or related field.
Professional information security certifications such as CISSP, CISM, CISA or similar.
Strong understanding of the cyber security risks associated with various technologies and ways to manage them.
Ability to present security findings and reports to key stakeholders including executive management, cyber security committee,