Reporting to the CEO, the Director of Security will be responsible for managing the Company's physical and logical security programs to mitigate risks, vulnerabilities, and threats that could lead to business disruptions and financial loss.
Will be responsible for all aspects of maintaining both physical and information security in a highly secure and regulated environment. Previous experience in a security role dealing with both physical and logical security is desirable.
* Be directly involved with, or oversee, four (4) main areas: Physical, Logical, Compliance, and Fraud
* Maintaining PCI Level 1 Service Provider/Merchant compliance, including managing PCI-DSS and PCI Card Production and Provisioning compliance and passing annual assessments performed by an external QSA
* Maintain and enforce Company security policies and procedures
* Audit physical and logical programs, review findings, recommend and perform corrective actions
* Oversee penetration testing and web application vulnerability testing for all company properties
* Perform incident response activities for any physical or logical security incidents, including containment, investigation, remediation, and reporting
* Work with IT staff to identify and mitigate security vulnerabilities, and audit information security processes and procedures
* Manage and test Disaster Recovery, Business Continuity, and Incident Response programs
* Responsible for the physical security of a high security manufacturing facility
* Manage the security guard staff, fill in as needed to monitor physical security, and manage the access control system
* Develop and implement training programs for the security guard staff, manufacturing personnel, developers, and company users
* Maintain working relationship with security vendors to provide the highest quality of service
* Provide risk analysis for all physical and logical security
* Immediately report any logical or physical security incidents directly to the CEO
* Assume other responsibilities as assigned
* Responsible for maintaining compliance with physical and logical security regulations governing card personalization vendors
Experience required for this position
* Post high school degree in a related field such as Criminal Justice or Information Security and a minimum of 10 years relevant work experience.
* Ability to work independently and make decisions regarding a high security facility and IT environment yet act as part of a team.
* Be able to manage cross-functional teams to meet security goals and requirements.
* On-call and non-standard business hours work may be required.
* Must be highly organized; security conscious; able to write quality, readable documentation; adhere to change management policy and procedures.
* Must be proficient and possess a minimum of 10 years' experience in a majority of the following:
* PCI DSS Compliance
* Compliance with payment network security regulations for vendors
* Access Control System Management
* Previous Management Experience
* Project Management
* Previous experience being audited
* Conducted internal audits
Ideal qualifications are Certified Information Systems Security Professional (CISSP) or other security-related certifications; working experience with web application development teams and secure coding practices is desirable.