Information Security Director
Georgia Lottery is a recognized leader and innovator in the lottery industry and we significantly change the lives of our customers through prize payouts. We also provide educational opportunities for Hope Scholarship recipients, Pre-Kindergarten programs and technical upgrades for classrooms.
Job Summary:
The purpose of this job is to lead, manage and direct the Georgia Lottery Corporation's Information Security program and staff. This position will work closely with the Vice President-Risk & Compliance to administer the Information Security governance program, and with the Chief Technology Officer to implement security initiatives, policies, regulations and procedures. This position is responsible for developing, directing, and executing the corporation's strategic, tactical, and operational information security goals with guidance provided by the Information Security Steering Committee.
Essential Duties and Responsibilities:
The following duties are normal for this job. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned.
Create and execute an organizational information security strategic plan.
Develop and maintain information security policies, regulations, standards, and procedures.
Manage information security staff.
Establish and lead corporate -wide information security awareness programs, monitor advancement, facilitate progress and report status.
Responsible for information security management functions such as administrative rights and priviledge review, vulnerability management and security assessments.
Implement approved external and internal information security audit recommendations. Oversee the implementation of any information security-related audit recommendations for the Information Technology, Operations, or Software Development departments.
Develop and maintain reporting measurements and metrics on information security governance in the organization.
Review, maintain, and continually enhance policies, regulations and procedures ensuring the proper separation of duties for Information Security Operations, Information Security Management, and Information Security Oversight.
Responsible for vendor risk management to ensure service providers adhere to information security standards established by the organization.
Work with the Chief Technology Officer to develop, maintain, and assist in executing Strategic, Tactical, and Operational goals.
Perform information security risk assessments and control reviews.
Coordinate vulnerability/penetration tests on regular intervals and to ensure remediation steps by information Technology to closure.
Participate in Information Technology Governance projects from the conception stage to define relevant security requirements, considerations, and implementation strategy as part of the corporations Change Management and Software Development Lifecycle programs
Assist the Internal Audit function in performing enterprise wide internal/external security audits to maintain oversight.
Develop and manage the Information Security budget.
Develop and review information security training and awareness programs for the organization.
Maintain and oversee the corporation's Information Asset Ownership policy, regulation and procedures.
Participate in the preparation and maintenance of the organization's disaster recovery and business continuity plans for information systems to ensure business risks are addressed with appropriate recovery times.
Knowledge and Skill Requirements:
Certificate/Diploma or Associates Degree from Technical College; or Bachelor's Degree from University System in Information Technology, Computer Science, Management Information Systems or related field preferred.
Minimum of (8) years of Information Technology experience with at least (5) years experience in Information Security Operations Management.
Knowledge of security standards (ISO, NST)
Certified Information Systems Security Professional (CISSP) certification is required. In addition the following certifications are preferred: Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); Cisco Certified Network Engineer (CCNE); Microsoft Certified Systems Engineer (MCSE); GIAC certifications.
Minimum of five (5) years experience working with the following technologies is required: Windows; Active Directory; IPSEC & SSL. VPN technology; Firewalls; Cisco netflow collection and analysis; anti-virus technologies; systems monitoring software; operating system and software patching;VoIP Technology; Database and messaging technologies; Citrix; Cisco Security Agent; Document imaging technologies;
Experience and knowledge of the following technologies preferred: 808. 1x; Storage Area Networks; VMWare; MPLS Network; MS SQL. Server 2005; MS Exchange; Microsoft Office; Desktop Management; GP Dynamics; Enterasys Dragon; Cisco Security Monitoring Analysis and Response System (MARS);
Three or more years of supervisory experience preferred.
Must possess strong verbal and written communications skills,
Must possess strong project management skills.
Ability to work independently and set strategic direction for information security assurance and compliance.
Ability to write detailed technical documentation on security procedures and project plans.
Ability to keep abreast with new technologies.
Knowledge of systems design and implementation.
Strong relationship building skills; adept at working collaboratively to build consensus.
Any equivalent combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this job may be considered.
Education:
Certificate/Diploma or Associates Degree from Technical College; or Bachelors Degree from University System in Information Technology, Computer Science, Management Information Systems or related field.
Certified Information Systems Security Professional (CISSP) certification is required.
Benefits:
Fun environment
Competitive pay
Excellent benefits package
Business casual workplace
401k with company contribution