IT Security Director

The Head of IT Security is responsible for developing and implementing a comprehensive IT security strategy to protect the company’s information assets, infrastructure, and systems. This role involves managing a team of IT security professionals, ensuring compliance with industry standards and regulations, and mitigating security risks.

Key Roles & Responsibilities: What are the core elements of the job duties, the primary day-to-day responsibilities & activities

• Develop and Implement Security Policies:
  • Create and enforce IT security policies, procedures, and protocols.
  • Ensure compliance with industry standards, regulations, and best practices.
  • Experience developing and implementing internal company security controls and road maps.
• Risk Management:
  • Conduct regular risk assessments and vulnerability analyses.
  • Develop and implement strategies to mitigate identified risks.
• Security Operations:
  • Oversee the day-to-day operations of the IT security team.
  • Monitor security systems, networks, and applications for potential threats.
  • Respond to and manage security incidents and breaches.
• Collaboration:
  • Work closely with other departments, such as Finance, HR, and Legal, to ensure integrated security measures.
  • Coordinate with external partners, including vendors and law enforcement agencies, as needed.
• Compliance and Audits:
  • Ensure the company complies with relevant laws and regulations (e.g., GDPR, CCPA).
  • Manage and prepare for internal and external security audits.
• Incident Response:
  • Develop and maintain an incident response plan.
  • Lead the response to security incidents, including investigation and remediation.
• Security Awareness:
  • Develop and implement security awareness training programs for employees.
  • Promote a culture of security within the organization.
• Reporting:
  • Regularly report on the status of IT security to senior management.
  • Provide recommendations for improvements and updates to security measures.

Functional Knowledge: Describebreadth and depth of knowledge of functional work and activities required

• Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
• In-depth understanding of network security, application security, and data protection.
• Proficiency in security technologies such as firewalls, intrusion detection/prevention systems, and encryption.
• Deep understanding of cloud security, endpoint security and identity and access management (IAM)

Business Expertise: Describeknowledge and expertise required about the business and industry in which the business functions

• Experience in the food manufacturing industry is a plus.
• Project Management: Proven experience in managing large-scale security projects and initiatives.
• Crisis Management: Strong background in crisis management and business continuity planning.
• Vendor Management: Experience in managing relationships with security vendors and service providers.
• Communication Skills: Exceptional written and verbal communication skills, with the ability to present complex security concepts to non-technical stakeholders.
• Strategic Thinking: Ability to develop and execute long-term security strategies aligned with business goals.
• Innovation: Track record of implementing innovative security solutions and staying ahead of emerging threats.

Leadership: Describe the nature of leadership required and guidance provided to others

• Ability to manage multiple projects and priorities in a fast-paced environment.
• Recruit, train, and manage a team of IT security professionals.
• Provide guidance and support to ensure the team’s effectiveness.

Problem Solving: Describethe level of analytical thinking required to perform the job

• Strong analytical and critical thinking abilities.

Impact: Describe the level of responsibility and resulting impact on the business

Key role to protect the overall Griffith business from cybersecurity threats and attacks.  Without a strong security position, the organization can be exposed to cyber-attacks and negative financial impacts.

Interpersonal Skills:  Describe the level and type of “people skills” that are normally required to do the job

• Excellent leadership, communication, and problem-solving skills.
• Building partnerships within the global IT teams and ensuring Griffith defined security standards are being followed.
• Holding IT teams accountable for complianncy