
VP Digital Security

Job Description and Responsibilities:

  

The VP Digital Security, reporting to the interim CISO, will oversee the day-to-day Digital Security program for Fareportal, from its alignment to the business strategy to its implementation and daily enforcement. This will include performing an analysis of the requirements, developing a program plan, overseeing the deployment and defining the operating model for the running activities. The VP Digital Security will manage a team of Information Security officers dedicated to the program, either in project mode or for its operations.

 

It is expected that the VP Digital Security will be responsible for:

  • Managing and leading a team of Information Security Officers
  • Oversight and execution of the day-to-day aspects of the Digital Security program for the firm
  • Monitor the travel and ecommerce industry landscape to keep visibility on evolutions, trends, and best practices related to Digital Security
  • Integrate regulatory requirements, Business strategy, management directions and budget constraints as they relate to Digital Security
  • Collaborate with Information Technology, other control functions and departments to ensure full support of the Digital Security program deployment, and full integration with concomitant programs
  • Contribute to Enterprise Risk and Governance Risk and Compliance committees, decision making process and budget exercise
  • Ensure both the program deployment and the daily operations are executed per the plan and processes
  • Report to Management on the program progress, resources consumption and residual risks
  • Be in close discussion with multiple stakeholders from different functions across the platform, to ensure discussions, workshops or tasks are being held as needed for the committees
  • Maintain communication channels with key members and contributors to the Digital Security program, to maintain the agenda, ensure datasets preparation and collection, and identify any issue ahead of committees
  • Maintain a roadmap of initiatives and a calendar of events associated with the regional Digital Security program

 

Required Skills:

 

  • Experience in formal risk assessment and risk management practices.
  • Strong familiarity with information security, risk management, and IT governance standards and frameworks (e.g., ISO 27000, ISO 22301, etc.).
  • Experience managing third-party risk, business continuity risk, and IT operational risk.
  • Experience establishing and managing controls inventories and performing controls effectiveness reviews.
  • Ability to lead the organization’s Vulnerability Management Program efforts.
  • Experience with vulnerability analysis processes and best practices.
  • Ability to guide Secure Software Development principles.
  • Manages security compliance staff and provides leadership to support PCI-DSS requirements.
  • Leads organization’s communications, reporting, observation tracking and remediation activities to address internal audit, outside audit and related enhancements to improve overall IT Security compliance and operations.
  • Establishes key performance indicators and proactively reports to CISO on performance of IT Security compliance activities and metrics.
  • Maintains IT Security compliance programs in accordance with Travel and eCommerce industry regulations and requirements.
  • Leads organization’s IT security awareness training program activities and coordination with appropriate business and operational units.
  • Prepares reports and performance metrics for IT Security compliance to CISO, GRC and senior executives, regulators, and Board of Directors.
  • Provides expert-level analysis of alternatives, design and implementation plans and recommendations supported by strong research skills and provided through strong communication skills. 
  • Supervises and reviews updates to information security policies, architectures, standards, and/or other technical documents.
  • Candidate stays abreast of latest industry developments in the information security area.
  • Represents the organization’s security compliance interests in all matters: with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of technical information and best practices in information security.
  • The candidate works closely with other departments to ensure that information security compliance and risk requirements are met.

 

Qualifications:

 

  • Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Masters preferred.
  • 8 years of experience in a combination of risk management and information security jobs. At least four must be in a senior leadership role.
  • CISSP or CISM is strongly desired
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as PCI DSS and the European GDPR.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001-2, NIST Cybersecurity Framework, or NIST 800 series of standards.
  • Knowledge of secure development methodologies, such as MS SDL, OWASP SDLC
  • Knowledge of network security encryption methods, IPSEC, Kerberos, Authentication concepts

 

Job Competencies: 

 

  • Evaluate, choose, adapt and drive the implementation of security, governance standards and risk management programs to ensure the integrity, confidentiality and availability of customer and company data in all jurisdictions that LogMeIn operates in.
  • Leverage information security experts and technology to support a secure infrastructure, secure applications, and overall data security; lead strategic security planning with Product Development, Service Delivery Team (NOC), Internal IT and other users across the organization
  • Provide strategic leadership for secure product development and the security feature set of our products.
  • Manage the security organization, including direct and indirect reports. Manage hiring, training, staff development, and performance management
  • Develop, communicate and ensure compliance with organizational security policies and standards; proactively work with business units to implement practices that meet defined policies and standards for information security
  • Organize security assessments for our own services and internal and external information systems that we use. Advise on mitigating vulnerabilities.
  • Manage security incidents and events to protect customer and corporate data. Lead the internal and external communication of the event and coordinate responses.
  • Work with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.

 
