The Information Security Director manages information security operations and develops strategies to ensure that Church Mutual Group’s digital assets are protected and remain confidential, and to ensure the integrity and availability of all systems. This role is also responsible for communicating risk to senior management and for creating, maintaining and enforcing policies and information security processes to ensure compliance with regulatory requirements. To support these activities, the Director coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products, and develops and coordinates information security awareness and education programs. The Director will ensure annual risk assessments and business impact analyses are performed in a timely manner, lead the incident response team, and ensure that security is maintained for disaster recovery and incident response plans. Supervisor responsibilities include staffing, training and development, performance management, and workforce planning.
PRIMARY JOB RESPONSIBILITIES
Supervisor/Manager responsibilities may include all of the following:
Manage and allocate resources to IT areas to ensure the achievement of business goals. Accountable for team service delivery performance and for the impact of the results on IT and the business. Communicate strategy and develop plans to foster a high level of staff engagement.
Responsible for the effective acquisition, deployment, and integration of information technology solutions. Ensure effective deployment and flexibility in meeting changing business needs. Develop plans and completion criteria and coordinate efforts of team members, vendors, subcontractors, and CMIC personnel.
Enable the organization's flexibility through effective leadership and direction. Ensure availability of technology resources with the appropriate knowledge and skills.
Maintain contact with senior IT management and communicate problem progress/status, risk management, and business satisfaction updates. Provide regular reporting on the current status of the information security program and significant incidents to senior IT management and the Board of Directors.
Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
Assist departments in fulfilling their information security requirements and assessing department-level compliance.
Align information security vision and strategy with the CISO and with organizational business objectives and priorities.
Oversee the approval, annual review and publication of information security policies and standards.
Provide input for the IT section of the company's code of conduct.
Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other regulatory requirements, such as data privacy.
Collaborate with Compliance on reporting and escalating security incidents as necessary; lead security incident response efforts.
Establish security metrics, tracking the progress of the Corporate Information Security Program, and coordinate with other corporate governance and risk entities.
Establish and document information security standards in the PMLC and SDLC processes and provide appropriate review of projects to assess information security policies, practices, and guidelines.
Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
Conduct vulnerability scanning, facilitate the vulnerability management process, and escalate as required for critical vulnerabilities and threats.
Participate in department capital, expense, and compensation budgeting.
Perform vendor negotiations, contract management, escalation, purchase request, and invoice verification.
Required Skills
Required Experience
Church Mutual Insurance Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.