Director - Information Security

Location

Ardsley, NY, United States

Summary

The Director - Information Security is responsible for providing strategic direction and operational management of Acorda’s information security systems.

Full Description
The Director - Information Security is responsible for providing strategic direction to and operational management of Acorda’s information security systems. This individual possesses an in-depth knowledge of regulatory requirements, as well as Information Security systems, services, best practices, policies, procedures, and controls. The Director - Information Security is knowledgeable about industry trends, and interacts with all levels of management (including the Leadership Team) as well as technicians.

The Director - Information Security provides technical guidance and operational leadership to the security engineering team and other IT staff, and has both a strategic and tactical focus. The strategic focus is around design and long-term planning of networks, platforms, application security technologies, HIPAA, NIST-based security controls, industry best practices, and international regulation. The tactical focus is around day-to-day monitoring of Information Technology security operations to ensure security standards, processes, and best practices are being met. In addition, the Director – Information Security participates as a member of the Information Technology leadership team on initiatives that extend across the department, such as training, budgeting, communication, and project management.

*Essential Duties and Responsibilities include the following. Other duties may be assigned.

  • Strategic
    • Liaises with business owners and stakeholders to identify Information Security risks and create Information Security strategy, policy, practices, and technology.
    • Assures Information Security practices align with regulatory requirements.
    • Provides Information Security requirements for Information Technology initiatives.
    • Liaises with Production Engineering, Facilities Management, and Infrastructure & Operations teams to define and document Information security standards and practices.
    • Researches, evaluates, designs, and recommends new Information Security technologies.
    • Liaises with Legal Department associates to assure contracts and agreements contain Information Security protections where applicable.
    • Evaluates and assesses emerging Information Security threats and vulnerabilities, and designs mitigation strategies.
    • Advocates for Information Security policy, procedures, solutions, and standards for the organization.
  • Governance and Control
    • Implements Information Security risk assessment, governance, and control practices.
    • Oversees the Information Security exception process to ensure resolution plans are appropriately tracked to closure.
    • Interprets and acts on Information Security intelligence and incident reports.
    • Leads Information Security incident analysis and response.
    • Ensures organizational compliance with Information Security standards.
    • Escalates Information Security issues to executive management as appropriate.
    • Creates and presents Security Awareness training for the organization.
    • Provides recommendations for addressing concerns identified in internal audits or external inspections.
  • Reporting
    • Prepares presentations and reports on Information Security trends.
    • Performs Information Security Audits and reports on findings and corrective actions.
    • Develops and reports on Information Security Metrics.
    • Responsible for reviewing large and often complex projects to ensure that Information Security requirements are properly incorporated.
  • Information Technology Leadership
    • Leads the IT Program Management Office (PMO).
    • Provides guidance and oversight for IT Budgeting and Variance Reporting.
    • Coordinates IT communications to the Acorda community.
    • Provides ongoing feedback, development, and performance reviews of staff.


Education and/or Experience:

  • Bachelor's Degree in Computer Science or related field required.
  • Master’s degree in Computer Science, Information Security, or related field preferred.
  • Minimum 8 - 10 years' experience in Information Security within an FDA-regulated industry required.
  • Minimum 5 years' supervisory experience required.

 
Supervisory Responsibilities:

  • The Director – Information Security manages associates in the IT Department, and manages both vendors and consultants.


Qualifications:

  • Good project management and organization skills.
  • Strong interpersonal and written/oral communication skills.
  • In-depth knowledge of information security standards such as HIPAA and NIST.
  • General understanding of risk-based assessment methodologies.
  • Working technical knowledge of networks, applications, operating systems, databases, etc.

 
Computer Skills:

  • Must be proficient in Microsoft Office Suite.
  • Working knowledge of Microsoft Project and Visio preferred.
  • Experience with Firewalls, NIDS, SIEM, End Point Security, Mobility Management, Vulnerability Scanning.
  • Strong experience and detailed technical knowledge in security engineering, application security, system and network security, authentication, security protocols, and other security technologies.

 
Certificates, Licenses, Registrations:

  • Information Security certification (e.g., CISSP, CISSLP, GIAC, CISA, etc.) preferred.
  • PMP certification preferred.


Other Skills and Abilities:

  • Ability to perform duties independently in a highly dynamic, fast-paced business environment.
  • Demonstrates attention to detail.
  • Excellent written and verbal communication skills.
  • Exhibits superior customer service skills.
  • Strong interpersonal skills.


Physical Demands:

The physical demands here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

This position requires minimal travel; average travel for this position is 5-10% with some variation based on demands.


Work Environment:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

No specific work demands.

*To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.