Director, Information Security in Englewood, CO, US at TTEC

Date Posted: 1/12/2018

Job Description

Position :  Director, Information Security (Governance, Risk and Compliance)  
Immediate Supervisor :  VP, Chief Information Security Officer (CISO)
 
General Purpose : The Director, Information Security is responsible for defining, advocating, implementing, monitoring and enforcing information Governance, Risk, and Compliance (GRC) standards and policies for four distinct TTEC (formerly TeleTech) businesses in 25 countries on five continents.  Reporting to the VP, Chief Information Security Officer (CISO), the Director, Information Security will have responsibilities for maintaining the information security and controls around the globe in accordance with best practices and most cost-effective measures that align with regulatory and client requirements of the business and the risk posture of the enterprise. The Director, Information Security serves as process owner of all information security assurance activities related to Governance, Risk and Compliance.  This position requires a leader who can lead our information security function not only for the business as it stands today, but also for the business as it evolves and transforms in accordance with TTEC (formerly TeleTech) strategy. The Director, Information Security is a directing manager in security and compliance for corporate business goals and IT initiatives and demonstrates expertise in successfully building business cases and promoting leadership in all areas of client programs regarding security and compliance requirements and responsibilities.
 
Responsibilities :
  • Establishes strategy and execution plan for TTEC's (formerly Teletech) global Governance, Risk Management and Compliance requirements.
  • Oversees risk evaluation and compliance of IT and operational systems.
  • Assembles and mentors a team of professionals to oversee cost-effective GRC strategies for tools, monitoring, policies, security training, and awareness.
  • Collaborates with internal and external auditors and business owners to conduct compliance audits, penetration and vulnerability testing/remediation oversight and reporting as required by stakeholder groups.
  • Provides leadership and guidance to all of TTEC's (formerly Teletech) business stakeholders (i.e. sales and client support organizations), technical custodians along with other functions.
  • Coordinates corporate compliance with the Payment Card Industry Data Security Standards (PCI DSS) and assists in maturing the PCI program.
  • Coordinates corporate compliance with the HITRUST Alliance’s Common Security Framework (CSF) and assists in maturing the overall healthcare vertical’s associated control implementations.
  • Establishes information security policies and secures their endorsement by the executive management team and the Board. Enforces best-in-class information security policies, standards and guidelines.
  • Conducts application risk assessments based upon NIST’s Cybersecurity framework.  Identifies and evaluates mitigating controls and oversees, analyzes and aggregates results, and provides regular reporting to business unit management, executive leadership and the global accounting team.
  • Maintains a risk management framework and methodology. Periodically reviews the risk scenarios relative to emerging trends and threats, changes in the organizational landscape, and risk management best practices, and adjusts the framework and methodology as necessary.
  • Provides regular status of the information security/GRC programs to the Chief Information Security Officer (CISO).
  • Provides strategic risk guidance for IT projects, including the evaluation and recommendation of controls.
  • Coordinates information security and risk management initiatives with resources from the IT organization and business unit teams.
  • Pro-actively partners with key stakeholder groups such as corporate compliance, audit, legal and Human Capital management teams.
  • Monitors the external threat environment for emerging threats, anticipates them, and proactively advises relevant stakeholders on the appropriate courses of action.
  • Develops and oversees effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event.



 
Qualifications :
 
  • Bachelor’s Degree in Information Security, Computer Science, Information Management Systems, or related field or equivalent in relevant work experience.
  • Master's Degree preferable.
  • Thorough understanding of IT and information security regulations and compliance requirements, including PCI, SOX IT General Controls, and SSAE16 SOC1 and SOC2.
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Must be flexible, collaborative, and innovative and able to function effectively in a rapidly evolving multi-priority environment with lean budgets and high expectations.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Ability to set goals and lead and motivate cross-functional, interdisciplinary teams to achieve strategic goals.
  • Enthusiasm and intellectual curiosity to grow professionally and live TTEC (formerly TeleTech) values.

 
CERTIFICATIONS
  • Security certifications such as Certified Information Systems Security Professional (CISSP(ISC2))
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Global Information Assurance Certification, and/or GIAC Security Essentials Certification (GSEC).
  • Insider Threat Program Manager (ITPM)
  • Desired - Insider Threat Vulnerability Assessor (ITVA)
  • Desired - Risk Management Framework – Certified Risk Management Professional
  • Desired - Carnegie Mellon Insider Threat Program Management Certification
  • Desired - PMP or equivalent certification



Notice to external Recruiters and Recruitment Agencies : TTEC (formerly TeleTech) does not accept unsolicited headhunter and agency resumes. Headhunters and recruitment agencies may not submit resumes/CVs through this web site or directly to any employee. TTEC (formerly TeleTech), and any of our subsidiaries, will not pay fees to any third-party agency or company that does not have a signed agreement with TTEC (formerly TeleTech).
 
 
Employment Requirements : TTEC (formerly TeleTech) requires all employees hired in the United States to successfully pass a background check and, depending on location and client program, a drug test, as a condition of employment. TTEC (formerly TeleTech) is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
