Job Summary:
Provides the vision and leadership for developing, implementing, and integrating large components of the information security program into the Synovus business and technical environment. Often, the director supports these initiatives in a HANDS-ON manner to ensure a smooth and effective running of the extended IT / IS infrastructure. In this role, the director is responsible for development, direction, implementation and enforcement of enterprise-wide Information Security programs, technologies, policies and standards in line with business objectives. The individual must be an expert consultant with the ability to provide senior executives recommendations on major strategic and tactical projects to ensure compliance with regulatory requirements AND also meet business objectives in a balanced, risk management approach. Here, the individual must have the ability to analyze the needs of different business units and leverage specific security knowledge to determine alternative solutions to meet business objectives. Has broad responsibility to interface with internal and external clients, audit agencies, and regulatory entities to establish communication, cooperation and risk management in line with the risk tolerance of the corporation. The job holder is responsible for providing senior level leadership to subordinates including assigning and managing work, monitoring performance and conducting performance appraisals. Other responsibilities include managing financial budget for assigned area and other senior level duties, as assigned. This individual is viewed as a strong leader that can implement and influence change and move the organization forward.
Job Duties and Responsibilities:
- Partners with the CISO, executives, information technology executives, business unit leaders, external partners, regulators, auditors and suppliers to establish strategic direction of information risk / information security to enhance business operations.
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- As a leader, the director must have the ability to inspire commitment across the assigned unit; this includes but is not limited to: developing and communicating logical and convincing justifications, including lessons learned, that build commitment and support for one's perspectives and initiatives; building diverse, high-performing teams that accomplish organizational change, goals, and priorities; ensures strategies, change initiatives, and competitive information are communicated in clear and compelling ways; serves as an advocate for proactive planning and continuous improvement; sets and communicates clear and aligned goals, monitors progress, and accepts accountability.
- Ability to be a change agent mainly through business acumen, with a reliance on technical knowledge.
- Implements security system plans; directs the development, release, and maintenance of company business security systems that protect applications and infrastructure systems and/or assumes system support leadership.
- Must have an in-depth knowledge of security systems and applications and a strong foundation in multiple core areas of information security. Must also have a thorough understanding of control and risk management concepts.
- Stays abreast of industry, regulatory and company changes and/or trends as they relate to financial services, information management, information security, technological standards and trends, and IT efficiencies; proactively assesses the present and future impact to the enterprise and ensures support planning is conducted; works with key stakeholders to develop and execute a business contingency plan that provides for prompt, efficient and seamless responses, to include strong communication and action plans that assure the company remains in compliance. Keeps the assigned executives informed.
- Defines and communicates assigned security architecture in technical and business terms.
- Leads high visibility projects that require collaboration with other stakeholders, including security management to develop and implement consensual decisions.
- Forms a "centre of excellence" for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively.
- Promotes ethics and compliance; builds and sustains an environment where adherence to and reinforcement of the highest standards of integrity and ethics are the norm. Identifies opportunities and takes action to enhance compliance within own organization. Ensures enterprise leaders receive the communication and instruction needed to act in accordance with established policies and procedures. Promotes reputation and social responsibility; seeks out and maintains external relationships and alliances, strengthening the organization's impact on and reputation in the community.
- Oversees the functional activities of the assigned IS functions. Creates teams for facilitating effective communication of available skills, information, and knowledge throughout the enterprise. Analyzes enterprise program requirements and anticipates staffing resources needed to meet objectives. Provides leadership, direction and growth opportunities to members of the department, performing those responsibilities in accordance with the Company's policies and applicable laws. Responsible for interviewing, hiring, planning, assigning and/or directing work, appraising performance, disciplining team members and resolving problems. Works with the Human Resources Department to resolve more complex team member-related issues. Develops and acquires talent.
- Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
- Performs other related duties as required.
The information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Minimum Education: Bachelor's Degree in Computer Science, Information Systems, Business Administration or related field.
Minimum Experience: 12 years of Information Security / Information Technology and business/industry work experience to include the development, implementation, integration and maintenance of solutions across multiple hardware and software application and infrastructure platforms. 4+ years of experience in managing multiple, medium to large cross-functional teams and projects.
Required Knowledge, Skills, & Abilities:
- In-depth understanding of governance, compliance and audit regulations related to the financial services industry (FDIC, OCC, FINRA, GLBA, SOX, PCI, CFPB).
- Proven ability in designing/implementing complex information systems, network security controls, and secure application architecture.
- Knowledge of a variety of technology solutions, products, services, standards, and best practices.
- Understands security and technology architecture with in-depth hands-on experience in at least one area of technology.
- Knowledge of information security and technology development strategies.
- Exceptional project management skills and the ability to organize, plan, and execute large-scale projects with the ability to break down complex problems into phased approaches, considering resourcing and alternative staffing approaches.
- Exceptional verbal and written communication skills, interpersonal and collaborative skills, and the ability to communicate security-related concepts to a broad range of technical and non-technical staff.
- Exceptional analytical, problem-solving, and conceptual skills, high degree of initiative, dependability and the ability to work with little supervision.
- Strong teamwork and interpersonal skills, and the ability to communicate and influence IT and business unit leaders.
- Ability to analyze project and business needs and determine resources needed to meet objectives.
- Ability to lead dynamically and energize multi-discipline work teams to learn and apply new skills/techniques to respond to business needs.
- Understanding of Auditing Frameworks (ISO27001, ISO27002, ISO17799) and their successful implementation in a dynamic organization.
Preferred Knowledge, Skills, & Abilities:
- Financial services industry experience
- Master's Degree
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)