We are looking for a Senior Director of Enterprise Information Security to be a key member of the Enterprise IT Leadership Team. We seek a dynamic leader that defines fun as working on difficult challenges with intelligent people in a collaborative fashion. This is an important position to the organization as this person will establish leadership and strategic direction for the Enterprise IT Security function and help craft the overall security strategy for iRobot.
The Sr. Director of Enterprise Information Security is someone who has timely in-depth knowledge of evolving threats and has extensive experience in effectively mitigating such risks by means of tools, policies, best practices, and employee education. To be successful you not only are great at defining a vision, but you are equally great at executing on that vision. The Sr. Director of Enterprise Information Security represents iRobot's information security vision and progress to all levels of executives. This position leads the development and implementation of a security program that leverages collaboration, facilitates information security governance, advises leadership on security direction and resource investments, and supports design of appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with the ability to work with other leaders to set the best balance between security strategies and organizational priorities.
This Leader will enhance the IT culture through positive leadership and will ensure staff members, stakeholders and outsourced vendors are working together to successfully achieve strategic objectives and supporting iRobot's culture of diversity, equity, and inclusion.
This position will report directly to the Chief Information Officer, and will be in Bedford, MA.
- Establish and maintain the Enterprise Security vision, strategy, and program to ensure information assets and technologies are adequately protected.
- Periodic communication & updates to the executive leaders (Board of Directors, C-Level executives) on strategic vision, progress, risks and awareness.
- Periodic Enterprise Security update to the Board of Directors/Audit committee around risk assessment and entity preparedness.
- Ownership of escalation, communication and resolution of security threats to the Executive Team.
- Develop world-class information security team that epitomizes iRobot culture and commitment to security and innovation.
- Lead operational risk management activities to enhance the value of the company and brand including conducting risk assessments, gap analysis and remediation exercises.
- Manage the development and implementation of the global enterprise security roadmap, policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
- Owns all information security technologies and processes and is responsible for SecOps.
- Develop procedures intended to sustain the security of the company's data and access to its technology and communications systems. Ensure the distribution and communication of these procedures in appropriate systems and media.
- Enable the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations. Develop a means of continuous monitoring.
- Establish suitable information security awareness, training and educational activities.
- Create information security risk assessments and compliance audits. Leads activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.
- Acts as sponsor and oversees the delivery of technology projects related to information security.
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, Product, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- Oversees development, implementation and maintenance of enterprise-wide information security technology.
- Maintain leading edge knowledge of threats, technology, processes, and other related industry knowledge.
- Maintain detailed awareness of potential incidents and ensure event scopes are quickly obtainable.
- Develop and drive incident response processes with the goal of efficient containment and effective forensics capabilities. Work closely with cross-functional teams to ensure supporting data is readily available to relevant business units and external parties. Oversees development of response plans and provides timely update reporting.
- Work with executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
- Maintain relationships with related government agencies.
- Work with outside consultants as appropriate for independent security audits, penetration tests, and Red Teams.
- Develops and manages the security budget and forecasting.
- Enables the business in their development and deployment in a fast-paced innovative environment while protecting iRobot's assets and intellectual property.
- 5+ years in a Director level position with an enterprise security function including public reporting to board level executives.
- 10+ years of relative experience in information security management, risk management, large-scale program management and/or related functions demonstrating progressive leadership experience in information technology security and privacy.
- Experience managing global teams of experienced, technical staff through various life-cycle phases required (internal & outsourced.) Experience with China a plus.
- Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify this if necessary.
- Proven and demonstrated successful experience delivering results in the following areas of IT Security: Identity and Access Management (IM), Application, Cloud and Data Security, Information Governance Risk & Compliance (GRC), Security Operations.
- Experience defining and leading an information security function.
- Up-to-date knowledge of information security issues, trends, and leading practices.
- Expertise in security policy development, defensive protocols, and the tools marketplace.
- Strong leadership skills with the ability to influence, collaborate, lead team and partners through change, and deliver results and who can communicate security-related concepts to a broad range of technical and non-technical staff.
- Strong communication skills with the ability to present to senior management.
- Strong relationship building skills with the ability to create trusted, transparent relationships across all levels of the organization. Become a trusted business advisor.
- In depth knowledge of regulatory environment (Sarbanes-Oxley, HIPAA, PCI, PPI, GDPR, Data Privacy, Safe Harbor, and other regulations).
- Demonstrated experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Must have strong working knowledge of pertinent laws.
- Must have a solid understanding of information technology and information security.
- Bachelor's in Computer Science, Business Administration, and/or Information Systems preferred.