Senior Director, Information Security

Job Description

ASCAP is home to more than 800,000 music creator members across all genres - the greatest names in music, and thousands more in the early stages of their careers. We are the world leader in performance royalties, advocacy and service for music creators, and are the only PRO in the US run by its members including songwriters, composers and music publishers.

ASCAP technologists live our mission and we are passionate about what we do for our customers and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We stand behind our mission and are committed to delivering the impossible.

Bottom line? We outthink ordinary. Discover what you can do with technology at ASCAP!

We are looking for a Senior Director, Information Security who will be charged with developing and implementing the company-wide information security program to protect enterprise systems and assets from internal/external threats. This is a high visibility role involving routine meetings with C suite executives.

Responsibilities of Senior Director, Information Security:
• Create/implement a strategy for the deployment and development of information security technologies, policies and practices to secure protected and sensitive data and ensure information security and compliance with applicable laws.
• Monitor security vulnerabilities and hacking threats in network and host systems.
• Interpret standards, best practices & current risks to define corporate policies.
• Track latest IT security innovations and keep abreast of latest cyber security technologies and risks.
• Develop/implement business continuity plans to ensure continuous service through infrastructure/systems changes, security breach or if disaster recovery plan is triggered.
• Conduct a continuous assessment of current IT security practices and systems and identify areas for improvement.
• Run security audits, red teaming exercises, penetration testing and conduct risk assessments.
• Serve primary control point during significant information security incidents, convening a Security Incident Response Team (SIRT) as needed, and preparing situational reports (SITREP).
• Partnering with financial and legal officers and IT personnel in conducting investigations, preparing situational reports and remediation plans in connection with information security incidents and breaches.
• Own and manage company wide risk and compliance programs including PCI, GDPR, Internal SDLC and the like.
• Regularly reporting to the Chief Technology Officer and senior company leadership on the state of the IT security infrastructure, the portfolio of security projects and advising on best practices and information security strategies.
• Managing relationships and liaising with external IT vendors, security experts and advisors.
• Championing and educating the organization and its employees about the latest security risks, strategies and technologies and run training and phishing campaigns as needed.

Qualifications
• Bachelor's degree in Computer Science or a related subject
• Certified Information Security Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required.
• Master's degree in computer science and/or business administration is highly desirable.
• 7+ years IT security experience, preferably in managing security for the healthcare sector including highly sensitive financial data (PCI) and/or protected health information (PHI) under different privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection and Privacy Directive (GDPR).
• Direct experience in the areas of systems architecture, administration, applications development, database administration, network operations, and data center operations.
• Experience securing various architectures and deployment strategies such as Managed Hosting, Software-as-a-service, Infrastructure-as-a-service (AWS), Platform as a service (Salesforce), etc.
• Develop and administer information security policies and procedures in a complex environment.
• Experience deploying and managing various MDM, endpoint, network, vulnerability and threat detection tools, policies and programs
• Complete information system auditing including computer security reviews, control selection, and evaluation of systems using a risk based approach.
• Expertise in computer forensic investigation methodology and investigation tools to collect, analyze and preserve electronic evidence.

Besides providing a unique and dynamic work environment, there are a few other reasons you should consider ASCAP in your career planning. We also offer generous benefit options that are comprehensive and provide the flexibility that most employees want and need. These health care and financial plan options include the following:
• A choice of either network only provider medical and dental plans or more flexible medical and dental plans where you can see providers in or out-of-network
• Vision plan that offers both in and out- of network provider options
• Immediate eligibility for 401(k) participation with an employer provided match
• An additional Employer paid retirement savings program regardless of your participation in the 401(k) Plan
• Generous time-off policy
• Health care and dependent care flexible spending accounts
• Short term disability Insurance / salary continuation and Long term disability insurance
• Company provided basic life and accidental death and dismemberment insurance
• Supplemental and dependent life insurance options

ASCAP is an equal opportunity employer. All ASCAP employment decisions are made on the basis of individual qualifications and performance and not on the basis of race, national origin, ethnicity, sex, age, marital status, sexual orientation or preference, gender identity, genetic information, disability, handicap, color, creed, religion, veteran status, or any characteristic protected by applicable federal, state or local laws.

Jobcode: Reference SBJ-r01z61-18-191-171-20-42 in your application.