The Associate Information Security Director is the senior corporate security professional for the business unit in Johnston, IA, serving as the strategic voice at the intersection of business objectives, cybersecurity threats, and centralized security services. This role provides leadership in cybersecurity strategy, compliance, risk management, and operational oversight while collaborating with executive leadership and cross-functional teams at Direct Staffing Inc.
What You'll Do
- Provide critical leadership related to strategy, regulatory compliance, demand planning, project prioritization, specification and deployment of new services and operational oversight for all cybersecurity activities across the company.
- Act as the single point of accountability and delivery for the President, General Counsel, and IT Director.
- Be responsible for the oversight of Deere's Global Information Security (GSEC) metrics in service and soliciting & obtaining resources, both CORP GSEC to achieve approved targets.
- Develop and implement information security strategy, assuring alignment with the GSEC security strategy.
- Broker existing GSEC services to execute risk assessments against locations, infrastructure, applications, systems, and services.
- Coordinate with GSEC and Enterprise Security & Preparedness organization (ES&P) to address incident response and assure timely, accurate, concise communications to key business leaders.
- Provide leadership and expertise to the Senior Leadership team on core functional business processes ensuring that key security priorities are addressed.
- Ensure that all business activities are performed in a secure and compliant manner, meeting all Deere internal and external standards and controls.
- Participate in the strategic planning and budgeting processes.
- Build and leverage existing finance industry relationships to identify industry leading practices, stay current on industry threats and benchmark cybersecurity services and performance.
- Manage cybersecurity architecture resources to: Assure compliance with existing policies and standards; Maintain security posture of existing infrastructure and applications; Engineer security into lifecycle of new infrastructure, applications, products and services.
- Manage cybersecurity risk and liability related to divestitures, acquisitions and joint-ventures.
- Partner with Supply Management and Legal organizations to review vendor contracts and suppliers.
- Provide subject matter expertise and cybersecurity leadership to the Enterprise Risk Committees.
- Partner with GSEC, ES&P, Legal, Compliance, Supply Management and business leaders to establish, deploy, and enforce cybersecurity policies and procedures.
- Provide oversight to global IT improvement projects and policy changes - Ex. Data Protection, Data Masking, Data Monitoring, Record Retention, etc.
What We're Looking For
- Bachelor’s degree in Information Security, Management Information Systems, Computer Science, Computer Engineering or equivalent experience.
- 8+ years of direct information security experience within the finance and banking industry.
- Experience as Manager of Information Security or Deputy Director of Information Security or other senior security-related function.
- Certified Information Systems Security Professional (CISSP) certification.
- Project management skills; financial / budget management, scheduling and resource management.
- Excellent verbal and written communication skills, persuasion, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- High degree of initiative and dependability.
- High level of personal integrity, and the ability to professionally handle confidential matters.
- Good understanding of risk management methodologies and implementation in an IT organization.
- Proven ability to manage to financial goals, both in own area, and in support of a larger entity.
- Proven ability to build strong teams; recruit top talent and develop colleagues at all levels.
- Highly ethical, self-motivated, conceptual manager with a sense of ownership and creative drive to get things done.
- Deep security experience, a believable party with particular depth in one or more key areas, such as IP protection or securing distributed computing environments against insider threat.
- Good understanding of enterprise class technology, having worked with prior in career complex IT infrastructure and applications.
- Collaborative mindset, with ability to achieve creative, win-win solutions.
Nice to Have
- Demonstrable past working experience in identifying, assessing, and resolving complex information security problems, devising plans to address those problems, and successful execution of those plans.
- Strong interest in and proven track record with challenging assignments.
- Hands-on information security experience specific to the finance industry, point-of-sale systems, eCommerce, SAP, etc.
- Subject-Matter-Expert related to global financial regulatory requirements specific to cybersecurity, information technology, data privacy and legal compliance, i.e. PCI, GLBA, FRB, etc.
- Additional certifications such as CISA, CISM, CRISC, CPP, CFE.
Technical Stack
- PCI
- GLBA
- FRB
- SAP
- eCommerce
- point-of-sale systems
Team & Environment
- Cross-functional collaboration with Legal, Human Resources, Compliance, Information Technology, Audit, Supply Management, Executive Leadership, GSEC, and ES&P.
- Reports to: President, General Counsel, and IT Director
Benefits & Compensation
- Comprehensive relocation package
- Reward packages
- Freedom to explore new projects
- Support to think outside the box
- Advanced tools and technology that foster innovation and achievement
- Opportunities for professional development
- Work-life balance emphasis
- Values-based culture
- Community involvement opportunities
Compensation includes a relocation package, reward packages, and comprehensive benefits.
Work Mode
- Local position based in Johnston, IA
Our company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sex, age, sexual orientation, gender identity, status as a protected veteran, or status as a qualified individual with disability.
