TracFone is seeking an individual for the Sr. Director III, InfoSec role. The individual will be responsible for overseeing the InfoSec community at TracFone and for developing security standards, procedures and guidelines in order to effectively protect TracFone’s information. The individual will also develop and present to management recommendations that improve application security and control procedures, enhance system functionality, improve business processes and reduce costs.
Procedures and Strategical Process
- Contribute to the development of strategic planning initiatives; develop, revise and review security standards, policies and procedures to ensure appropriate security controls are documented; provide support to all System administrators by providing accurate and consistent interpretation of policies.
- Revise policies and procedures as necessary to address technology changes and/or business needs.
- Establish procedures necessary to monitor and ensure compliance with established security policies.
- Define and implement an ongoing risk assessment program; assist with technology infrastructure elements for compliance with enterprise security standards.
- Assist in the preparation of Departmental Budget.
InfoSec Enterprise Risk Management
- Manage the InfoSec functions including remote access exception processing, compliance and monitoring, and security product support.
- Develop, monitor and enforce the information access policies and investigate information access violations or intents.
- Ensure all monitoring tools used by the InfoSec Department are operating properly and capturing the necessary information (i.e., audit trail).
- Identify vulnerabilities that may cause inappropriate or accidental access, destruction or disclosure of information and establish security controls to eliminate or minimize exposures.
- Evaluate the monitoring tools currently used by the InfoSec Department to determine what other steps need to be accomplished to ensure all systems are adequately monitored and alerts are generated.
- Assist in the IT Incident Handling process.
- Assist in the negotiation of vendor contracts that directly affect the InfoSec Department. In addition, maintain a vendor maintenance tickler system.
- Ensure SOX, PCI and HITRUST process narratives are proper and reflect the actual process being followed.
- Ensure controls associated with InfoSec are executed to ensure compliance.
- Supervisory responsibilities: monitor individual performance and perform annual performance reviews. Interview and recommend personnel for new hire.
- Perform security awareness education to promote knowledge of security policies and procedures.
- Work with IT Operations and other IT groups to collaborate on direction and appropriate strategies.
- Assist VP/Financial Compliance in other assignments, special projects, etc.
- BS Degree in Computer Science or related technical discipline. A Master’s Degree is preferred.
Required Professional certification:
- CISSP (Certified Information Systems Security Professional)
- CISA/CISM (ISACA Certified Information Systems Auditor/Security Manager)
- RHCE (Red Hat Certified Engineer) or Unix equivalent / CEH (Certified Ethical Hacker)
Desired Professional certifications:
- Certified Information Systems Security Professional
- Computer Hacking Forensic Investigator
- Certified Ethical Hacker
- Certified Information Security Manager
- Licensed Penetration Tester