Overview

• An expert in your field: you seek to maintain a comprehensive and strategic knowledge base of the current technology landscape, particularly trends, developments and advancements.
• A formulator of strategies and concepts: you have an uncanny ability to construct strategies while developing positive and compelling visions of an organization’s potential.
• Relationship builder: you are a master at building genuine relationships with people at all levels inside and outside of an organization. Whether they’re a type A, B or Z personality, you easily establish a warm relationship, building an effective network around you.

Responsibilities

• Strategic support
  • Work with the VP to develop a security program and security projects that address identified risks and business security requirements.
  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the VP with a realistic overview of risks and threats in the enterprise environment.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

• Security liaison
  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
  • Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.
  • Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
  • Manage production issues and incidents and participate in problem and change management forums.
  • Work with the VP, Information Technology department and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  • Provide support and guidance for legal and regulatory compliance efforts, including audit support.

• Architecture/engineering support
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

• Operational support
  • Coordinate, measure and report on the technical aspects of security management.
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  • Manage and coordinate operational components of incident management, including detection, response and reporting.
  • Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage security projects and provide expert guidance on security matters for other IT projects.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Qualifications

• 7+ years of experience working within the Information Services field.
• 5+ years of experience in an information security role.
• 2+ years of experience in a leadership/supervisory role.
• The ability to interact with The Cheesecake Factory personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• A strong understanding of the business impact of security tools, technologies and policies.
• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel.
• Experience working with legal, audit and compliance staff.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI.
• Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• An understanding of operating system internals and network protocols.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Bachelor’s Degree or equivalent.

• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Familiarity with the principles of cryptography and cryptanalysis.
• Experience in application technology security testing (white box, black box and code review).
• Master’s Degree.
• CISSP Certification.
• CISA Certification.

About the Company

Compensation Range