This position is an in-office role based in Phoenix, Arizona. It is the primary stakeholder responsible for formulating, implementing, and operationally supporting cybersecurity policies and procedures to protect the company from external and internal threats. The Director, Information Security will develop and implement Information Security and Disaster Recovery programs to minimize risk and exposure. This includes creating new concepts, methods, and strategies that drive continuous improvements in the company's security posture. The role requires hands-on leadership in planning, developing, and implementing Information Security frameworks, methodologies, policies, standards, and procedures related to operational risk management and IT audit processes.
The successful candidate will actively monitor the security environment, identify potential threats, and respond to intrusion attempts to defend against cyber risks. Alongside technical requirements, the Director will also communicate effectively with various stakeholders, identify improvement areas, and work closely with cross-functional teams to orchestrate mitigation plans. This position will serve as the primary contact for all SOX IT Audit activities, coordinating with Internal Audit, external auditors, IT, and business units to identify and address potential SOX gaps or deficiencies.
ESSENTIAL DUTIES & RESPONSIBILITIES
Lead and coordinate the development of the Information Security improvement plan, identifying strategic goals and paths to achieve them.
Cultivate and maintain stakeholder relationships across the organization, identifying cybersecurity threats and establishing remediation activities.
Manage the SOX and IT Audit process, particularly in a public company environment, to address gap remediation and foster long-term improvements in systems/applications.
Collaborate with senior management and business units to assess and support organizational risk mitigation needs through strategic and quality review solutions.
Evaluate past InfoSec assessments, develop corrective action plans, integrate roadmap solutions, and regularly report on recommendations.
Partner with the business to measure and assess the success of risk programs, ensuring adherence to information security frameworks, policies, and best practices.
Stay current on regulatory compliance standards, security trends, and best practices, and integrate these standards with minimal impact on business operations.
Implement Disaster Recovery (DR) and Business Continuity Planning (BCP) improvements for critical applications and platforms.
In collaboration with the Chief Information Officer (CIO), oversee partner/vendor contracts, negotiations, and SLA adherence.
MINIMUM QUALIFICATIONS
Bachelor's degree in a technical or business field preferred; Master's degree or MBA is a plus.
Current cybersecurity certifications (e.g., CISSP, CISM, CISA) indicating knowledge of security frameworks and best practices.
15+ years of experience in Information Security, with 8+ years in a leadership role, preferably in a public company environment.
Proven ability to communicate effectively with technical and non-technical stakeholders across various business units.
Experience in Security Operations (e.g., AV/Malware, SIEM, DLP, patch management) with a focus on consistent SLA performance.
Proficiency in log collection and analysis for investigations.
Skilled in developing InfoSec dashboards and metrics environments to identify gaps and improvements.
Recent experience in incident and crisis response implementation across multiple business units.
Strong background in risk evaluation and management.
Demonstrated knowledge of data security and compliance controls.
Ability to present a strategic vision aligning with corporate objectives, inspiring teams across the organization.
Excellent verbal and written communication skills, with the ability to present Security metrics to executive and business leaders; Board exposure is a plus.
Ability to travel up to 20%.
Work Environment: This position requires full-time, on-site presence in the Phoenix office. Remote work or telecommuting options are not available for this role.