Director Information Security

  • Full-time
  • Verisk Business: Verisk 3E

Company Description

Intelligent compliance. Sustainable progress. A safer world. At 3E we help our clients ensure safety, compliance and sustainability. We provide actionable intelligence and solutions that empower safer, more sustainable products and business processes.

Job Description

As the Director of Information Security, you are responsible for leading the global information security and risk management functions of 3E. In this role, you will develop and execute short-term plans and longer-range strategies to mitigate cyber risk by leveraging program maturity assessments, operational reporting, and industry trends. You will also work across teams to ensure alignment with best practices and deliver security enhancement projects. You will lead international teams and projects that are complex in nature and/or of strategic importance. You will have a small number of direct reports consisting of security architects, engineers, and analysts. This is a unique opportunity to lead and develop a motivated team of security professionals.

 

Essential Functions:

  • Leads the day-to-day activities of our information security team. Responsible for the daily activities, priorities, and coordination of work across management, technical staff, and consultants.
  • Evaluates the enterprise-wide information security program, identifies gaps, executes short-term corrective plans, develops long-range strategies, and reports on program health to internal and external stakeholders, executive leadership, and the Board of Directors, ensuring alignment with overall business plans.
  • Partner with Product & Engineering leadership for the development, planning, and execution of major security initiatives. Support 3E’s secure Software Development Lifecycle.
  • Develop and implement security policies, protocols, and procedures.
  • Responsible and accountable for establishing, updating, and delivering security awareness and training programs across the enterprise.
  • Oversees all security audits and tasks. Participates in the technical aspects of all security-related audits and supports internally and externally managed audit activities.
  • Provide guidance on information security challenges, best practices, and vulnerabilities to IT, development, and business unit teams.
  • Responsible and accountable for the hiring, development, and performance management of staff within the security organization.
  • Define and regularly report on Key Performance Indicators that measure the effectiveness of the information security program.
  • Maintain subject matter expertise in enterprise security tools usage and continuous improvements.
  • Participate in enterprise security program design, product selection research and evaluations.
  • Perform business impact analysis and ensure appropriate business continuity plans are in place.

Qualifications

  • 10+ years of IT experience, with at least 5 in the information security and/or information risk management space.
  • 5+ years leadership experience that includes development and management of team members.
  • Strong demonstrated understanding of IT/security technologies, cloud solutions (AWS preferred), and enterprise systems.
  • Excellent communication skills with experience interacting and presenting to staff and leaders across technology and business areas, including executive leadership.
  • Experience planning and controlling projects that deliver advanced security program maturity.
  • Work directly with the business units to facilitate risk assessment and risk management processes.
  • A self-starter who can efficiently manage, prioritize and complete assignments with little or no technical direction.
  • Excellent oral, listening, and written skills and the ability to effectively communicate across the organization.
  • 3+ years of experience running a vulnerability management program.
  • Knowledge and implementation experience with common information security management frameworks, such as ISO/IEC 27001 and NIST.
  • One or more professional certifications in Information Security are desirable, i.e., CCSP, CISSP, CISM, and/or SANS certifications (GCLD, GWEB, GCSA, etc.).
  • Bachelor of Science in Computer Science or related field or equivalent hands-on experience or knowledge. Graduate degree preferred.

Technologies

  • Operating Systems: Windows Server, Linux
  • Applications: Microsoft 365, MS SQL
  • Security: CrowdStrike, Proofpoint, Splunk, Zscaler, Tenable, JIRA, Confluence

 


Additional Information

For more than 30 years the world’s leading companies have trusted 3E to provide the intelligent compliance solutions they need to ensure safety and sustainability—one product, one workplace and one community at a time. Our unmatched Environmental, Health, Safety and Sustainability (EHS&S) and product compliance expertise empowers our clients to improve chemical and workplace safety, product safety and stewardship, supply chain transparency and R&D decision support.

We are deeply committed to serving our more than 5,000 customers worldwide, including nine of the world’s top ten chemical manufacturers, eight of the world’s top ten retailers and seven of the world’s top ten pharmaceutical companies.

Together we are building a safer world and a more sustainable future. Join us!

In March 2022, New Mountain Capital and Endicott Capital acquired our business from Verisk, kicking off the next phase of growth in our 30-year history. Backed by the support and expertise of New Mountain and Endicott, we are now perfectly positioned to grow our business to better serve our valued customers and partners. To learn more, visit www.3eco.com.

 

3E is an equal opportunity employer


At 3E, the health and safety of our people is our number one priority.  Effective November 15, 2021, and subject to applicable law, all prospective hires for office-based roles or roles that support any of our businesses’ government contracts will be required to demonstrate that they are fully vaccinated against COVID-19 by their start date or qualify for a legally required medical or religious accommodation to this vaccination requirement, as a condition of employment. Hired candidates who do not demonstrate that they are fully vaccinated against COVID-19 by their start date, and who have not been approved for a legally required medical or religious accommodation will no longer meet the requirements for employment and their offers of employment will be immediately rescinded, in accordance with applicable law.
