CAREER SEARCH

View All Jobs at Stericycle

Director Global Security-IT in Chicago,IL at Stericycle

Date Posted: 4/24/2018

Job Snapshot

Job Description


This critical role will be responsible for providing leadership and direction related to the development, deployment, and management of security, threat, and risk management area solutions. This role will also partner with Stericycle Business Units for areas relating to all aspects of Information Security, Data Privacy Compliance, Information Governance Coordination and Information Risk Auditing, including Audits (Internal, External) and Site Certifications. The incumbent will serve as a leader and mentor to other teams across Stericycle.
1) Provide overall global information security management direction across all Stericycle Enterprise to create a global security roadmap for Stericycle.
2) Drive the development and communication of policies, procedures, and guidelines that are necessary to implement appropriate processes for access control, monitoring, vulnerability management, configuration management, etc.
3) Partner with all IT teams to develop and implement controls and configurations aligned with security standards and policies, along with legal, regulatory and audit requirements; ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software being integrated into Stericycle. Ensure that there is a convergence of business, technical and security requirements and align existing technical installed base and skills with future architectural requirements.
4) Implement and maintain processes which promote operational efficiencies and quality services. Provide interpretation and input to internal policies and procedures, organizational structures and productivity standards and overseeing compliance to these standards.
5) Collaborate with IT staff to develop and ensure internal controls are in place and coordinate the implementation and documentation of technical controls to support and enforce defined security policies.
6) Manage relationships with third party providers of service delivery and security monitoring and/or tools to ensure assets are being protected. Create a program for continuous assessment of infor-mation security practices with partners and service/vendor providers.
7) Lead efforts to meet customer security requirements and respond to customer assessments.
8) Participate with external parties such as customer, prospective customers, auditors, or regulators during IT reviews, security assessments, and/or security incident investigations. Monitor the internal state of security on an on-going basis for continuous improvement.
9) Provide security subject matter expertise for projects, both technical and business, including in-volvement in requirements development, process/system selection and design, and implementation and training. Maintain a knowledgebase comprising of emerging technologies, security advisories and alerts, information on security trends and practices, and laws and regulations.
10) Assist and guide disaster recovery planning in the selection of recovery strategies and the develop-ment, testing and maintenance of disaster recovery plans.
11) Provide technology vision, enable innovation, and understand and implement the technology trends that can create business value.

Job Requirements


Bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred. Certification from CISSP or CISM/CISA.
A minimum of ten years of IT Security experience in roles of progressively increasing responsibility; 3 or more years in a management capacity.
Extensive knowledge of threats, risk analysis and the development of security systems and protocols. Experience developing and maintaining policies, procedures, standards and guidelines.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Extensive understanding of digital investigations and underlying principles. Applicable fields of digital investigations include: computer forensics, network forensics, mobile forensics, e-discovery, malware analysis, memory analysis, and a strong understanding of information security principles.
Demonstrated understanding of malware and ability to perform behavioral analysis is required.
Demonstrated understanding of threat vectors and related artifacts subsequently left behind and methods of re-trieving and interpreting them.
Security and forensic related certifications strongly preferred.
Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Excellent verbal and written communication skills.
Experience in system technology security testing (vulnerability scanning and penetration testing).

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.