Purpose of the Role
The Director of IT Security and Compliance (ITSC) is a critical member of the CIO’s leadership team and is responsible for ensuring Lumanity can achieve its business objectives in a secure, compliant, and professional manner by safeguarding the confidentiality, integrity, and availability of information assets.
The Director of ITSC is responsible for:
- Advancing the global information security strategy and budget.
- Constantly improving Lumanity’s information security management system (ISMS) and policies.
- Ensuring that information assets are adequately protected across our digital ecosystem.
- Enabling all stakeholders to understand what the ISMS requires of them.
- Identifying and overseeing the mitigation of regulatory and cybersecurity risks.
- Achieving and maintaining ISO27001 certification across Lumanity.
- Leading incident, business continuity, and disaster recovery response and improving plans.
As an empowered representative of the CIO, the Director of ITSC will help build a culture of information security maturity and risk management throughout Lumanity and acquired businesses.
This role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. The Director of ITSC is responsible for working with Business, Data Privacy, and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance, while providing the business with practical and pragmatic technology risk advice to protect personally identifiable, sensitive, and confidential data against internal and external threats.
Requirements
Minimum Recruitment Criteria
- Qualifications – Qualified to degree level or equivalent work experience in information security and compliance roles. Certification in one or more of the following is desirable: CISSP, CRISC, CISA, CISM or CGEIT. As the information technology profession is constantly evolving, you will be expected to continuously update your learning and knowledge throughout your career.
- In-role experience – Minimum of 10 years of progressive information security and compliance experience, including 5 or more years managing IT compliance and risk programs and delivering improvement projects. International experience is desirable, but not essential.
- Professional experience – Experience with the ISO 27001, SOX, ITIL, NIST, and OWASP frameworks is required. Proven experience in an information security role, including experience developing Information Security and Compliance policies and procedures. Excellent understanding of information risk concepts and principles as a means of relating business needs to security and compliance protocols and policies. A strong working knowledge of information security, data privacy and compliance regulations within key geographies (GDPR, HIPAA, UK DPA, etc.), best-practice processes and standard operating procedures for IT departments, and information technology systems and emerging technologies is required.
- Excellent verbal and written communication skills – Personal efficiency, attention to detail, the ability to write clear, easy-to-understand policies and procedures, and the ability to prioritize competing demands are critical to successfully executing the role. A strong communicator, able to work with people across multiple functions and businesses to audit, manage change and drive improvement.