Global Information Security Associate Director

Location:US-NJ-Secaucus Job Number:SEC0000X Employee Status : Regular Job Type :Experienced Schedule : Full-time Description The Associate Director Global Information Security will oversee and manage a team to help formulate and implement global security strategy, policy, architecture, portfolios and incident response. ResponsibilitiesDirect the continual upgrading of procedures and equipment to maintain currency with technological progress, economic change and business needs. Establish the firm's strategic information security vision and direct the development of communications and marketing plans for information security initiatives to raise security awareness. Consult with senior management and other functional area management to identify strategic directions and major policy. Participate with and provide technical consultation to senior Information Technology (IT) management and other strategic planning groups. Consult with functional management in the analysis of short and long-range business requirements and recommend innovations which anticipate the future impact of changing business requirements and systems. Provide linkage between technical and business management on a variety of complex initiatives by integrating the business and IT information security architecture strategies. Develop recommendations for senior business and IT management. Ensure the strategic direction regarding network and application-level security, strategic and tactical direction application security, and technical acceptance of security architecture and documentation for major application initiatives. Direct the security and connectivity initiatives of internal and external clients, domestically and internationally, and lead efforts to architect secure connectivity solutions. Direct the monitoring of existing and proposed security standard setting groups and State and Federal legislation and regulations pertaining to information security. Act as an IT liaison for our General Counsel and Internal Audit groups on all matters relating to information security. Lead all security-related investigations and computer-incident response efforts. Recommend the selection of and be responsible for the performance management of staff members. Overseeing a team responsible for:1. Establishing security baselines and conducting security risk assessments and security certifications affecting the entire global EY enterprise2. Providing solutions for secure technology implementations, i.e. how technologies get securely configured and deployed globally3. Developing strategy for and deploying security products and technologies, such as anti-virus, anti-spyware, intrusion detection and prevention, firewalls, etc.4. Managing global security incidents5. Publishing critical vulnerability alerts6. Documenting security policies, standards, guidelines, and procedures7. Auditing compliance with global security policy and regulatory compliance as appropriate Exercising blended balance of tactical and strategic skills to help assist with the development and implementation of the firm's global information security and technology risk management functions across the enterprise Develop and implement processes and technologies for achieving and measuring compliance to regulations, ensuring protection of proprietary information, while overseeing both technical and risk management aspects of security Participate in a global network comprised global and area security directors who safeguard the firm's information assets, intellectual property, and computer systems. Lead the development and maintenance of global information security policies, standards, procedures, and compliance Oversee the development and implementation of incident management processes and procedures as well as the investigation of security breaches. Liaise with TSRS and outside consultants as necessary for independent security audits. Liaise with and provide expertise to Global and Area General Counsel with regard to both client and vendor agreements regarding all security matters. Liaise with and provide expertise to the Area Directors of Information Security. Oversee annual functional area budget and manage expenditures to plan. Identify improvement opportunities for securing the EY environment by anticipating problems and issues, providing suggestions and alternatives while helping to ensure compliance with security policy. Ability to discern creative alternatives to securing the EY environment while enabling the business, particularly during security incidents Ability to lead, motivate, and influence Sound judgment and tact Excellent management, interpersonal, communication, and organizational skills Ability to work and team effectively with clients and other management personnel Manage the training, development, and performance management of staff members to develop and maintain knowledge within the information security field Directly and indirectly supervise technology staff in the development, implementation, and support of technology to meet security and business requirements. Guide and influence the global implementation of security policy throughout EYManage security incident response often times providing direction to the Areas and countries with regard to containment, reporting and remediation of any security incidentsP2D To qualify, candidates must have: an advanced degree in Computer Science or a related discipline; or equivalent work experience Approximately 10-12 years of experience in information technology, management, and tracking/analyzing budgets, preferably with experience in the field of information security CISSP, CISM preferred but not required sound judgment and tact excellent management, interpersonal, communication, and organizational skills ability to work and team effectively with clients and other management personnel