Information Security Director

  • Ball
  • Westminster, CO, USA
  • Nov 09, 2020

Job Description

Powered by endlessly curious people with an unwavering mission focus, Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most. We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit the Ball Aerospace Career Site or connect with us on LinkedIn, Facebook, Twitter or Instagram.

The Security and Mission Assurance Strategic Support Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge.

Information Security Director

The Information Security Director shall lead a highly skilled, multidisciplinary team of security professionals responsible for the execution of various enterprise-wide security functions, information security, and National Industrial Security Program compliance. The individual will also work closely with and report to the Chief Information Security Officer (CISO) within Security & Mission Assurance. The individual will provide both tactical and strategic guidance on security practices across various enterprise manufacturing and business support systems. The successful candidate will work across the business to determine acceptable levels of information security risk for the organization. The candidate must be highly knowledgeable of the business and external threat environment and be able to build a picture of how both the business drivers and external threats impact a specific risk profile.
They will also work with the CISO to establish a program to identify, evaluate and report on enterprise security risks in a manner that meets compliance and regulatory requirements.

This position is at a Senior level and requires a visionary leader with sound knowledge of business management and a detailed knowledge of security technologies and threats inherent within the Defense Industrial Base. The successful candidate will proactively work with business units and functional groups to implement the enterprise risk management strategy. The ideal candidate is an articulate and persuasive thought leader who builds consensus and can serve as an effective member of the Security & Mission Assurance leadership team. The candidate must maintain objectivity with a strong understanding that security is one of many business activities and should enable the business and provide it a competitive advantage. Ultimately, the mission of the IS Director is to add business value and create competitive advantage for the business through effective and efficient risk management strategies.

What you'll do:

  • Work in concert with the Information Security team to ensure enterprise-wide compliance with the National Industrial Security Program Operating Manual (NISPOM) and ensure audit readiness for DCSA vulnerability assessments.
  • Develop and monitor processes and procedures to protect information at rest (includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk) and in transit (when data is being transferred between components, locations, or programs) to include management of USG cryptographic equipment.
  • Aid in the development of a company-wide Security Awareness, Training, and Education program to protect company proprietary and customer owned information.
  • Support the CISO in the development, implementation and monitoring of a strategic, comprehensive enterprise information security and information technology (IT) risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  • Build, develop and manage effective cyber threat and policy governance security organizations, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and conducting annual performance reviews.
  • Facilitate information security governance through guidance and participation in an information security steering committee.
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines.
  • Oversee the approval, training, and dissemination of security policies and practices.
  • Develop and manage information security budgets.
  • Create and manage information security and risk management awareness training programs for applicable employees and contractors.
  • Work directly with the business units to facilitate IT risk assessment and risk management processes.
  • Work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
  • Develop and enhance an information security management framework based on, but not limited to: The International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST 800-53, 800-171).
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
  • Ensure security programs are compliant with relevant contracts, laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Aid in defining and facilitating the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
  • Manage security incidents and events to protect IT assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Report on any data exfiltration within program guidelines.
  • Conduct risk assessments for Ball Aerospace-wide processes and make major system risk decisions.
  • Responsible for selecting solutions to enhance security controls to include security policies and procedures consistent with State, Federal, and contractual obligations.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security.
  • Understand and interact with related disciplines through committees ensuring consistent application of policies and standards across all technology projects, systems and services, including (but not limited to) privacy, risk management, compliance and business continuity management.
  • Maintain a regular and predictable work schedule.
  • Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company.
  • Interact appropriately with others in order to maintain a positive and productive work environment.
  • Perform other duties as necessary.

What you'll need:

  • BS/BA degree in a related field plus 15 or more years of related experience. Each higher-level degree, i.e., Master's degree or Ph.D., may substitute for two years of experience.
  • Related