Information Security Director - Invitation Homes - Dallas, TX - EXPIRED
This is an archive of an expired job.
Company: Invitation Homes
Under general direction of the Chief Information Officer, the Director, Information Security, develops, implements and maintains enterprise-wide information security standards, procedures and policies. The Director, Information Security works in concert with the technology management team, the risk management function and the Chief Legal Officer to establish, plan and administer the overall policies, goals and procedures for the information security function. The Director, Information Security develops security requirements for, participates in and provides oversight for the disaster recovery programs and the Security Incident Response Plan. Also, this position performs periodic information risk assessment on a regular time schedule and promotes information security awareness and training within the organization.
Essential Job Duties and Responsibilities
- Develop and maintain an effective Security Incident Response Plan.
- Identify gaps in compliance with Sarbanes–Oxley (SOX), International Organization for Standardization (ISO), Payment Card Industry (PCI) and other standards and recommend management action plans to close those gaps.
- Develop, implement and manage the overall enterprise process for security strategy and associated architecture and engineering standards.
- Identify information security goals, objectives and metrics consistent with corporate security initiatives and work with leadership to prioritize security initiatives and spending based on appropriate risk management.
- Participate in development and implementation of Business Continuity plans.
- Organize periodic tests of security and disaster preparedness and report results to leadership.
- Oversee the security review of applications and/or technologies during the development or acquisition process to: (a) assure compliance with corporate security policies and directives and, (b) assist in the overall integration process regarding Invitation Homes' own technology environment.
- Develop, manage and deliver a continuous corporate security awareness and training program.
- Organize software developer information security training.
- Serve as point of contact for external and internal information security reviews and compliance audits.
- Work closely with leadership, business managers and others as appropriate to understand Company requirements related to security and regulatory compliance, and to map those requirements to current security projects.
- Define and implement an ongoing Invitation Homes Risk Assessment program which will define, identify and classify critical assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
- Establish a governance/change management process that documents, evaluates and assesses security risk related to changes to the Company IT environment and ensure risk is reported/escalated to management as necessary.
- Provide direction and direct input on architecture and design of infrastructure and application related initiatives.
- Provide direction and leadership over information security operations and initiatives.
- Manage relationships with key stakeholders across business lines.
- Provide guidance, trouble shooting and tier 3 support to critical infrastructure production support issues.
- Develop Security Infrastructure roadmap planning and management.
- Provide assistance to staff on their assigned projects.
- Report on security metrics and establish a monthly reporting cadence to track incidents, exposures and remediation plans.
- Perform other job duties as assigned.
Education and/or Experience
- Bachelor’s Degree in Computer Sciences required.
- Master’s Degree preferred.
- Minimum 5 years’ relevant experience required, with five years’ experience managing information security professionals.
- Ability to read, write, understand and communicate in English.
- Prior experience with business continuity planning, auditing and risk management, as well as contract and vendor negotiation.
- Expert knowledge of information security technology and defensive solutions.
- Knowledge of applicable practices and laws relating to data privacy and protection.
- Demonstrated analytical and problem-solving skills.
- Ability to effectively prioritize and execute tasks in a dynamic environment.
- Excellent written and verbal communication skills.
- Ability to work effectively with others at all levels of the organization.
- Superior organizational skills, with the ability to manage multiple priorities.
- Proven project management skills.
- Proficiency with Microsoft Office, including Word, Excel, Outlook and PowerPoint.
- Knowledge of ITIL best practices for delivery of IT services.
Required Licenses or Certifications
- CISSP, CISM CISA or other widely recognized security certification.
- Must maintain professional appearance.
- Ability to be at work on a regular and consistent basis.