Sr. Director Information Security
Minneapolis, Minnesota
The Sr. Director - Information Security is responsible for security strategy, security program oversight and security architecture development and implementation for the organization. The role covers all security technologies and services, physical and logical access control, and user profile management. The Sr. Director - Information Security also has responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness. The Sr. Director - Information Security will lead and work closely with a security committee to ensure that technological and physical access controls and policies meet the organization's data security requirements.
The Sr. Director - Information Security is responsible for managing data and information risks related to product development, technology solutions, crisis management, data privacy and regulatory compliance. The role also directs the adoption and implementation of policies and procedures, manages cyber threat analysis activities and guides the development of the information security technical architecture and security standards, controls, procedures and guidelines for the computer platforms, applications and networks including utilization of cloud technologies.
The Sr. Director - Information Security is responsible for all security audits, whether internal or required by customers and governmental agencies.
- Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
- Develop an IT security architecture roadmap that will identify security controls and identify and assess current and new technologies that will enforce the organization’s security priorities.
- Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
- Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
- Coordinate information security and risk management projects with technology and operations groups as well as business teams.
- Work with Functional Areas to implement practices that meet defined policies and standards for information security.
- Establish and implement a process for incident management to effectively identify, respond to, contain and communicate a suspected or confirmed incident.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security or disaster event.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Define and facilitate the information security risk assessment process and work effectively with the technology group in the implementation of security measures.
- Direct the preparation activities to support HITRUST, SOC-2, customer and other audits.
- Develop, maintain, and promote information security policies, standards and guidelines.
- Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
- 10+ years of experience in a combination of risk management, information security and information technology fields, preferred history must demonstrate increasing levels of responsibility.
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s preferred.
Knowledge, Skills & Abilities:
- Demonstrated leadership experience, with a proven track record of building, developing and coaching team members.
- Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Experience in collaborating with internal / external auditors and senior company management.
- Strong process discipline in a continuous improvement environment. Experience managing cost center and departmental financial functions like budgets, etc.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Behaves calmly and competently in high-pressure, high-stress situations.
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.
- Knowledge of common information security management frameworks, such as NIST.
Sleep Number is an equal opportunity employer, committed to recruiting, hiring and promoting qualified people of all backgrounds, regardless of sex; race; color; creed; national origin; religion; age; marital status; pregnancy; physical, mental, communicative or sensory disability; sexual orientation; gender identity or any other basis protected by federal, state or local law.
“Sleep is integral to a happy healthy lifestyle and it has such a huge impact on everyday life. Sleep Number is a unique company to work for because you’re truly helping people.” Sophia, Customer Service Representative