Information Security Director jobs in Boston, MA

Overview

Since our founding in 1982, we’re proud that the culture we’ve built as a 100% employee-owned company as we have been recognized with over 70 Best Place to Work awards—including Best Workplace by Fortune Magazine three years in a row, Fortune Best Workplace for Women, Fortune Best Workplace for Millennials, Great Place to Work’s Best Workplace for Parents, and one of America’s Best Employers by Forbes.  At Shawmut, you will have the opportunity to own your career and deliver impact within our culture of ownership and innovation focused around providing the gold standard of client service for the world’s most recognizable and elite brands and institutions.

Here is a glimpse at what we are offering: 

• Health, Life, Long/Short Term Disability Insurance including Dental and Vision
• 401K with Match
• Generous Paid Time Off policy
• ESOP – be an employee owner!
• The Extras: cell phone, laptop, tuition reimbursement, discounted gym membership, pet insurance, auto & homeowner (mortgage network & insurance savings) and many more

The Director of Information Security is responsible for developing, maintaining, and communicating the Information Security Program. Initiatives are identified and defined based on a risk-oriented approach to mitigating threats and reducing exposures, and include defining strategic direction, security best practices, risk assessment, mitigation for threats (technology, process, or training), and metrics.

Responsibilities

Shawmut Design and Construction’s information security program will ensure appropriate physical, administrative, and technical controls over data and technology assets in compliance with regulatory, contractual and management requirements. Specific responsibilities include defining and implementing program governance, policies and standards development, security and privacy training and awareness, security solutions oversight, monitoring of third-party alerts, vulnerability and risk assessment, incident response, and reporting.

Develop, publish, and maintain comprehensive organization-wide information security strategy, plans, policies, procedures, and guidelines for protecting data, hardware, and the network.

• Develop, administer, and maintain an information security training and awareness program that addresses business risks as well as regulatory and contractual requirements.
• Collaborate with IT and business leaders to define, communicate and prioritize risk mitigation initiatives.
• Oversee the integration and deployment of company-wide security solutions. Monitor security alerts and determine whether reported threats could impact company information or systems. Communicate applicable alerts to IT to address.
• Identify compliance initiatives in light of regulatory requirements defined for the security of information.
• Develop a risk-oriented approach to threat management. Oversee or perform specific risk assessments and develop recommendations to mitigate threats.
• Assess audit and assessment results; partner with IT to develop and maintain best practices for security of all internal systems.
• Investigate security incidents (e.g., breaches, fraud); develop enhancements to prevent future occurrence.

Qualifications

• Experience: At least 10 years information security and/or audit experience as a program manager or other management role driving technology, regulatory compliance, audit, or Information Security activities.
• Education: Bachelor's degree (Masters preferred) in technology, risk or control-related degree or a related field or equivalent experience.
• Certifications (preferred): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Protection Professional (CPP).
• Additional Role Specific Skills:
  • Experience with development of risk management strategic initiatives
  • Experience with regulatory compliance initiatives (HIPAA, Massachusetts Data Privacy, CPA, etc.)
  • Experience in performing assessments for risk or compliance and defining recommendations and initiatives to address findings.
  • Thorough knowledge and understanding of the Cyber Security marketplace. Ability to adequately maintain an up-to-date knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Maintain professional relations with other information security professionals through structured information security organizations and informal networking. Promote individual knowledge through public presentations and speaking engagements.

Shawmut prohibits discrimination against any staff member or applicant on the basis of race, color, sex, sexual orientation, gender identity/expression, age, religion, national origin, marital status, veteran status, pregnancy, physical or mental disability, genetic information, disability, creed, citizenship status, or any other legally protected characteristic.