Director - Information Security
Ardsley, NY, United States
The Director - Information Security is responsible for providing strategic direction to and operational management of Acorda’s information security systems. This individual possesses an in-depth knowledge of regulatory requirements, as well as Information Security systems, services, best practices, policies, procedures, and controls. The Director - Information Security is knowledgeable about industry trends, and interacts with all levels of management (including the Leadership Team) as well as technicians.
The Director - Information Security provides technical guidance and operational leadership to the security engineering team and other IT staff, and has both a strategic and tactical focus. The strategic focus is on design and long-term planning of networks, platforms, application security technologies, HIPAA, NIST-based security controls, industry best practices, and international regulation. The tactical focus is on day-to-day monitoring of Information Technology security operations to ensure security standards, processes, and best practices are being met. In addition, the Director - Information Security participates as a member of the Information Technology leadership team on initiatives that extend across the department, such as training, budgeting, communication, and project management.
*Essential Duties and Responsibilities include the following. Other duties may be assigned.
- Liaises with business owners and stakeholders to identify Information Security risks and create Information Security strategy, policy, practices, and technology.
- Assures Information Security practices align with regulatory requirements.
- Provides Information Security requirements for Information Technology initiatives.
- Liaises with Production Engineering, Facilities Management, and Infrastructure & Operations teams to define and document Information Security standards and practices.
- Researches, evaluates, designs, and recommends new Information Security technologies.
- Liaises with Legal Department associates to assure contracts and agreements contain Information Security protections where applicable.
- Evaluates and assesses emerging Information Security threats and vulnerabilities, and designs mitigation strategies.
- Advocates for Information Security policy, procedures, solutions, and standards for the organization.
Governance and Control:
- Implements Information Security risk assessment, governance, and control practices.
- Oversees the Information Security exception process to ensure resolution plans are appropriately tracked to closure.
- Interprets and acts on Information Security intelligence and incident reports.
- Leads Information Security incident analysis and response.
- Ensures organizational compliance with Information Security standards.
- Escalates Information Security issues to executive management as appropriate.
- Creates and presents Security Awareness training for the organization.
- Provides recommendations for addressing concerns identified in internal audits or external inspections.
- Prepares presentations and reports on Information Security trends.
- Performs Information Security Audits and reports on findings and corrective actions.
- Develops and reports on Information Security Metrics.
- Responsible for reviewing large and often complex projects to ensure that Information Security requirements are properly incorporated.
Information Technology Leadership:
- Leads the IT Program Management Office (PMO).
- Provides guidance and oversight for IT Budgeting and Variance Reporting.
- Coordinates IT communications to the Acorda community.
- Provides ongoing feedback, development, and performance reviews of staff.
Education and/or Experience:
- Bachelor's Degree in Computer Science or related field required.
- Master’s degree in Computer Science, Information Security, or related field preferred.
- Minimum 8-10 years' experience in Information Security within an FDA-regulated industry required.
- Minimum 5 years' supervisory experience required.
- The Director - Information Security manages associates in the IT Department, and manages both vendors and consultants.
- Good project management and organization skills.
- Strong interpersonal and written/oral communication skills.
- In-depth knowledge of information security standards such as HIPAA and NIST.
- General understanding of risk-based assessment methodologies.
- Working technical knowledge of networks, applications, operating systems, databases, etc.
- Must be proficient in Microsoft Office Suite.
- Working knowledge of Microsoft Project and Visio preferred.
- Experience with firewalls, NIDS, SIEM, endpoint security, mobility management, and vulnerability scanning.
- Strong experience and detailed technical knowledge in security engineering, application security, system and network security, authentication, security protocols, and other security technologies.
Certificates, Licenses, Registrations:
- Information Security certification (e.g., CISSP, CSSLP, GIAC, CISA, etc.) preferred.
- PMP certification preferred.
Other Skills and Abilities:
- Ability to perform duties independently in a highly dynamic, fast-paced business environment.
- Demonstrates attention to detail.
- Excellent written and verbal communication skills.
- Exhibits superior customer service skills.
- Strong interpersonal skills.
The physical demands here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
This position requires minimal travel; average travel for this position is 5-10% with some variation based on demands.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.
No specific work demands.
*To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.