Director, Information Security

Ensign is hiring

As Director, Information Security, you will play a crucial role in implementing Ensign's cybersecurity vision. Reporting to the Information Security Office, you will collaborate with senior management and business units on cybersecurity initiatives. You will play a crucial role in supporting the CISO in establishing and maintaining an effective information security program. You will assist in leading a team of security professionals and collaborate with stakeholders across the organization to identify, assess, and mitigate information security risks. You will help shape and implement the organisation's information security strategy, policies, and procedures, while also providing technical expertise and guidance.

Key Responsibilities:

- Develop and implement the organisation's information security strategy, objectives, and initiatives.
- Establish and maintain information security policies, standards, and procedures to ensure compliance with applicable regulations and frameworks.
- Support the identification, assessment, and management of information security risks, including conducting risk assessments and vulnerability assessments.
- Lead the development and implementation of a threat-informed defence strategy, leveraging cyber threat intelligence to proactively identify and mitigate potential security threats and vulnerabilities.
- Assist in the development of metrics and reporting mechanisms to track the effectiveness of threat-informed defence measures and communicate security posture to senior leadership.
- Stay updated with the latest information security trends, technologies, threats, and vulnerabilities, and provide technical guidance and recommendations to senior leadership.
- Assist in the development and maintenance of incident response plans, including coordinating response activities and conducting post-incident reviews.
- Establish and maintain a robust cyber threat intelligence program, including the collection, analysis, and dissemination of actionable intelligence to relevant stakeholders within the organization.
- Conduct threat assessments and provide recommendations for improving the organization's security posture based on threat intelligence insights.
- Ensure the integration of threat intelligence into incident response processes, including the development of playbooks and response plans based on known threats.
- Provide technical expertise and guidance in the analysis and interpretation of threat intelligence data, enabling informed decision-making and risk mitigation.
- Collaborate with internal teams, external entities, such as law enforcement agencies and industry forums, to share threat intelligence on emerging cyber threats, attack vectors, and mitigation strategies and contribute to the broader security community.
- Collaborate with cross-functional teams, such as IT, legal, compliance, and human resources, to integrate information security requirements into business processes and systems.
- Stay updated on the latest trends and advancements in threat intelligence and cyber threat landscape and provide guidance to the management and other stakeholders on emerging risks.
- Assist in driving security awareness and training programs to educate employees on their responsibilities and promote a culture of security awareness and compliance.

It's a plus if you have the following attributes:

- Bachelor's or Master's degree in computer science, information security, or a related field. Relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.
- Proven experience (5+ years) in information security management or a related role, with a focus on developing and implementing security programs.
- Strong knowledge of information security frameworks, standards, and best practices, such as ISO 27001, NIST and MITRE.
- Familiarity with security technologies, including firewalls, intrusion detection/prevention systems, encryption, endpoint protection, SIEM, vulnerability management, and secure coding practices.
- Experience in conducting risk assessments, vulnerability assessments, and participating in incident response activities.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
- Demonstrated ability to assist in driving information security initiatives and providing technical expertise to support security strategies.
- Solid analytical and problem-solving skills, with the ability to contribute to risk-based decision-making processes.
- Adaptable and able to work in a fast-paced environment with changing priorities.
- Understanding of emerging technologies and their potential security implications.