Director of Security and Compliance at sg360°
Wheeling, Illinois, United States
Full Time


Start Date

Immediate

Expiry Date

16 Apr, 26

Salary

0.0

Posted On

16 Jan, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Regulatory Compliance, Risk Management, Incident Response, Security Policies, Communication Skills, Leadership, Technical Skills, Security Technologies, Audit Management, Vendor Risk Management, Cyber Security, Budget Management, Training, Phishing Campaigns, AWS Security

Industry

Marketing Services

Description
sg360° partners with Fortune 1000 brands to pursue unmatched direct marketing performance. We leave no stone unturned in our efforts to drive smarter targeting, stronger messaging and improved ROI. Everything we do - audience analytics, strategic planning, creative development, production and distribution - we do in the pursuit of performance.

When you join us, you gain access to a comprehensive benefits package, including paid time off, holiday pay, health, dental, and vision insurance, life insurance, an education assistance program, short- and long-term disability, wellness resources, identity theft protection, and a 401k with employer match. Be part of a legacy of excellence and growth with sg360°!

Our company is seeking a Director of IT Security and Compliance to ensure sg360°’s information technology systems are secure, compliant with relevant regulations and standards, and protected from cyber threats and breaches. The role also ensures sg360° is following all the security and compliance standards laid out by the SOC 2 Type II, HITRUST and NIST frameworks.

JOB DUTIES:
- SOC 2 Type II, HITRUST, NIST, CSAT: enforce and ensure security and compliance requirements.
- Perform client assessments and complete IT security questionnaires; in-person and remote IT and compliance audits.
- Remediate findings from pen tests, vulnerability assessments and client audits on a periodic basis.
- Review the company’s policies and procedures on an annual basis.
- Conduct periodic phishing campaigns and security awareness training, provide additional training to those who fail, and compile a report on the company’s security awareness posture based on campaigns and training.
- Prepare and project all the company’s security and compliance related risks so they can be presented to the executives/board.
- Assign tasks to direct reports in terms of tool deployments or other technical tasks.
- Assess the security posture of the company by conducting external party audits; assess AWS security and conduct periodic audits on the AWS environment of the company.

Additional Job Duties include:
- Budgeting and resource allocation: Managing the budget for IT security, including the purchase of security technologies.
- Staying updated on security trends and regulations: Keeping abreast of the latest cyber security threats, trends, and emerging technologies, as well as changes in laws and regulations affecting cyber security.
- Vendor and third-party risk management: Assessing and managing the risks associated with third-party vendors and service providers, especially those who have access to the organization’s data or IT systems.
- Managing security technologies: Overseeing the deployment and maintenance of security tools such as firewalls, anti-virus software, and intrusion detection systems to protect against threats.
- Regularly evaluating the organization’s IT infrastructure: Conducting system recovery testing, backup testing, RTO-RPO for business continuity.
- Providing strategic advice to senior management on security threats, risk management, and the impact of regulatory changes on the organization’s IT infrastructure and business operations.
- Evaluating the company’s IT posture to compare against competitors and ensure strengthening of the security infrastructure accordingly.
- Incident response: developing strategy to address different types of security-related incidents to ensure response time is reduced to keep up with the business requirements.
- Designing and implementing guidelines that align with business objectives and regulatory requirements.
- Preparing for audits, addressing compliance gaps, and maintaining documentation.
Requirements

EXPERIENCE: 3-5 years of specific job experience. The experience needed for an IT security and compliance manager/director includes a solid background in information security practices, experience with regulatory compliance frameworks (such as SOC 2, HITRUST, NIST, ISO 27001), familiarity with risk management methodologies, and hands-on experience with security technologies and audits. Experience in leading security assessments, managing incident response activities, and developing security policies and procedures is highly valued.

JOB SKILLS: Communication skills for conducting and leading audit-related activities with clients and for the company’s internal framework audit compliance with audit partners. Knowledge of organizational risk-related strategies, and technical skills to understand the ever-evolving cyber security tools industry and the implementation of several security requirements like encryption, network security, etc. Leadership qualities and presentation skills to aid with bringing the company’s security and compliance related risks up to the executives.

EDUCATION: Minimum requirement of a bachelor’s degree.

LICENSE/CERTIFICATIONS: CIM, CISSA, CISP, CRISC - any one of these certifications is preferred.

PHYSICAL REQUIREMENTS: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Working conditions are normal for an office environment, which include prolonged sitting at a desk and working on a computer. While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms. Must be able to lift at least 15 lbs and must be able to navigate various departments of the organization’s physical premises.

sg360° does not offer employment-based visa sponsorship now or in the future.
Candidates must be legally authorized to work in the United States without the need for current or future visa sponsorship. This policy applies to all applicants, including those whose employment authorization may expire in the future and would require sponsorship to remain employed.

sg360° is an Equal Opportunity Employer. We make employment decisions based on merit, qualifications, and business needs. sg360° does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or any other status protected by applicable law.

sg360° will provide reasonable accommodations to individuals with disabilities in the hiring process, in accordance with applicable laws. If you require an accommodation to complete your application, please contact the location to which you are applying and ask to speak with the Human Resources representative.
Responsibilities
The Director of Security and Compliance will ensure that sg360°’s IT systems are secure and compliant with relevant regulations. This includes managing security assessments, incident response, and developing security policies.