• United States



Job Post: Director, Security Assurance

Dec 28, 20075 mins

JOB TITLE:   Director, Security Assurance 

JOB CODE:  101092


DIVISION:  Global Technology

DEPARTMENT:  Technical Operations 

REPORTS TO:  VP, IT Security


1. KEY RESPONSIBILITIES  Job Summary – (Role Summary)  Direct the development and management of the Global Information Security Assurance and Global Security Awareness programs for the company.  Provide vision and leadership for developing and supporting initiatives in the areas of technology security audits and training. Direct information security controls by conducting periodic risk assessments to ensure that legal, regulatory and audit requirements are met for reasonable and adequate security.  Provide guidance and facilitation for business practices related to the PCI-DSS, SOX and SAS70 reviews across the company relying on legal counsel, treasury, risk management and internal audit as resources. Provides vision and leadership for developing and supporting security initiatives in the areas of Security Assurance and Awareness. Directs the planning and implementation of the global security awareness global security assurance programs.    Essential Duties and Responsibilities – (Key Activities)• Participate as a member of the security management team in governance processes of the organization’s security strategies and lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security strategies in the areas of Assurance and Awareness.• Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.• Work closely with all areas and regions of IHG on the assessment of corporate technology to fully secure information, computer, network, and processing systems.• Audit the proper administration of, all computer security systems and their corresponding or associated software. Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.• Specify the security requirements for, and audit the proper administration of, the facility’s security systems and their corresponding equipment or software ensuring that facilities, premises, and equipment adhere to all applicable technology policy, laws and regulations.• At the direction of the Global Head of Information Security, develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations falling within the designated area of responsibility.• Assess and communicate any and all security risks associated with any and all purchases or practices performed by the company Recommend and implement changes in security policies and practices in accordance with changes in local or federal law. Creatively and independently provide resolution to security problems in a cost-effective manner.• Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies. Collaborate with other management resources to establish and maintain a system for ensuring that security policies are communicated and met.  2. REQUIRED QUALIFICATIONS  Education –Bachelors or Master’s Degree in Computer Science or a relevant field of work or an equivalent combination of education, security certifications, and work related experience.     Experience –• 3+ years experience managing and/or directing an IT and/or security operation.• 10+ years experience working in the IT industry with a focus on security audit.• Experience in Security Audit/Assurance programs including SOX, SAS70 and PCI-DSS• Experience in planning and executing security policies and standards development.• Excellent knowledge of technology environments, including information security, building security, and defense solutions.   Technical skills and Knowledge –• SANS, ISA or ISC2 Certification required. • Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.• Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.• Good understanding of computer systems characteristics, features, and integration capabilities.• Experience with systems design and development from business requirements analysis through to day-to-day management.• Excellent understanding of project management principles.• Superior understanding of the organization’s goals and objectives.• Demonstrated ability to apply IT in solving security problems.• In-depth knowledge of applicable laws and regulations as they relate to security.• Proven leadership ability.• Ability to set and manage priorities judiciously.• Excellent written and oral communication skills.• Excellent interpersonal skills.• Strong negotiating skills.• Ability to present ideas in business-friendly and user-friendly language.• Exceptionally self-motivated and directed.• Keen attention to detail.• Superior analytical, evaluative, and problem-solving abilities.• Ability to motivate in a team-oriented, collaborative environment.   3. ACCOUNTABILITY  Number of employees supervised:   Direct 1,   Indirect 6  Annual operating and/or payroll budget(s):  $ 2 million Capital  Decision making responsibilities (Key Decisions Rights)• This position has significant impact in the development of policies related to information security and protection of customer or employee information.  • This position has significant impact related to contract negotiations with technology vendors and loyalty program partners to ensure customer and employee data is adequately protected.  • Responsible for selection of vendors and consultants for professional services and security products.• Erroneous decisions or recommendations would normally result in failure to achieve goals critical to the strategic objectives of the Company and would seriously impact the financial, employee or public relations posture of the Company.

To be considered for this position, please apply online at