IT Security and Compliance Director
Purpose: This position will be responsible for securing all technology and ensuring IT compliance, companywide. There are two primary components of this position: 1) IT Security, 2) IT Compliance and Audit.
This role will have responsibility for all IT security and compliance related projects and processes within the business including process creation, development, implementation, monitoring and improvement, and any other security and/or compliance related assignments as business needs require.
• Develop a security governance program and security projects that address identified risks and business security requirements and present to CIO.
• Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CIO with a realistic overview of risks and threats in the enterprise environment.
• Work with the CIO to develop budget projections based on short and long-term goals and objectives.
• Manage and report on compliance with security policies, as well as the enforcement of policies within the IT department. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Define appropriate procedures for securing and testing the Swire network against internal and external attacks. Facilitate and manage third-party external and internal network security testing.
• Monitor security appliances and applications such as firewalls, anti-virus programs, filtering utilities and other solutions that block harmful and inappropriate apps, programs, websites and other harmful content from entering or persisting within the network. Test the environment through simulated phishing email, social engineering and other currently known exploits, and implement changes based on the results.
• Manage, implement, test, configure and monitor network security, including password complexity, two-factor authentication, and any other processes, for access to systems with sensitive and critical information. Monitor and test to verify security of not only Swire’s local systems, but also of vendors/partners including CONA. Streamline the user experience while maintaining adequate application, data, and network security.
• Work with all applicable departments and functional groups, via change control, to minimize business impact and accomplish desired results. Understand CSA compliance process and controls within IT department. Identify required changes necessary within each control and create detailed plan to achieve expected results for each control.
• Maintain the IT Security Incident Response plan to ensure it is documented, communicated, and consistent with the SCCU’s overall IMCR (Incident Management/Critical Response) process.
• Bachelor’s degree or higher required.
• 10+ years’ experience in IT field required.
• 3 years Network Security experience required.
• 3 years Audit and Compliance experience required.
• 3 years Microsoft Windows/Server OS experience required.
• Understanding of network firewall management required.
• Understanding of network and network systems required.
• Knowledge of firewall set-up, configuration and maintenance required.
• English required, Mandarin and/or Cantonese is a plus.
• Strong analytical skills and strong attention to detail.
• Strong time management skills. Self-starter who can prioritize work and estimate effort required.
• Must be able to communicate effectively in speech, group presentations and writing.
• Ability to work with others in both individual and team settings.
• Facilitate meetings, define and communicate goals and measure success.
• Position will require interaction with employees and vendors at all levels, including senior management.
• Travel as business needs require.
• Extended hours as business needs require.
• Certifications preferred: CISSP, SANS, Security+, ISACA, CREST, and/or other vendor-specific certifications.
• 3 years SAP authorization experience.
• Active Directory administration knowledge.
• Two-factor authentication knowledge.
• Knowledge of SAP authorizations.
• Familiarity with PCI (payment card industry) technical requirements.
• Knowledge of penetration testing protocols.
• Project Management experience.