Director, Information Security

Regal


Date: 2 weeks ago
City: Knoxville, TN
Contract type: Full time
Job Details

Description

The Director, Information Security provides information security leadership for Regal Entertainment Group and is responsible for the oversight and management of Regal’s information security program. This position works closely with senior management and ensures that compliance requirements are assessed and remediation actions are executed to meet Regal Cineworld’s overall regulatory and legislative directives, as well as information security requirements from external partners and other agents. The incumbent communicates performance through status reports to IT Management, business unit executives and senior management.

Essential Duties and Responsibilities include the following. Other duties may be assigned.

  • Manage Information Security program for Regal Cineworld; specific duties include:
    • Develop policy, process, and procedure documentation to support compliance and information security initiatives; identify mitigating controls as needed
    • Publish and disseminate critical security information to appropriate audiences
    • Perform threat / risk assessments and provide security reporting to executive management where appropriate
  • Manage IT department compliance with respect to PCI, GDPR, Sarbanes-Oxley and other external requirements. Specific duties include:
    • Maintain awareness of external requirements, standards and best practices to recommend action for Regal to remain in compliance or to attain compliance
    • Develop action plans based on annual or preventative audits and ensure that Regal Cineworld remains in compliance
    • Coordinate design and testing of all IT components that are subject to PCI, GDPR, SOX, and other requirements to ensure compliance
    • Oversight of all security monitoring process documentation to ensure that documentation is current, exceptions are approved and that processes are followed
    • Manage internal and external scans of the environment to ensure that risks are identified and remediated; maintain records of actions to remediate risks
    • Ensures external validation processes are defined, scheduled, executed and disseminated as needed to comply with regulatory requirements as approved by Regal management
    • Assist with annual penetration testing in support of PCI-DSS compliance
    • Assist with the completion of the annual PCI Report on Compliance
    • Alert IT Management and the VP, Compliance regarding emerging issues or matters regarding compliance that require senior management action; recommend course of action and policies as appropriate
  • Manage the Enterprise Incident Response process. Specific responsibilities include:
    • Develop processes and procedures for Enterprise Incident Response Management team
    • Conduct annual review
    • Develop and maintain documentation for Enterprise Incident Response Management policies, processes and procedures as well as documentation for incidents as they are identified or occur for audit review and root cause analysis
    • Lead the Enterprise Incident Response Management team in identifying incident causes, remediation, repair and prevention
  • Participates as required with Human Resources in legal processes and enforcement actions
  • Supports the Disaster Recovery plan to ensure that applications can be recovered to meet the Recovery Time Objectives (RTO) as defined and approved by Management:
    • Monitors data backup processes: server state backup processes to ensure that recovery is possible
    • Participates with on-site Recovery Center team in the event of a disaster
    • Participates in drills to ensure recovery plans are viable and will meet RTO
    • Identifies opportunities to reduce risk and mitigate potential threats; proposes solutions as necessary
  • Manage relationships with key vendors to ensure conformance with Service Level Agreements, contract terms, and coordinates or negotiates review and revision of contracts with vendors
  • Monitors new developments in security technology and environmental risks and develops plans to strengthen and improve the security systems of the company
  • Provide oversight of the IT environment in collaboration with other IT Management to ensure access to information systems is appropriate and authorized.
  • Establish security parameters for all IT components and monitor implementation of parameters for equipment and installations. Manages process to obtain management approval for exceptions per procedures and policies.
  • Budget development, management and control for assigned projects and support processes
  • Perform oversight of the AD account management and provisioning process
  • Perform oversight of the vendor access account management and provisioning process
  • Other duties as assigned
Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Professional Skills

  • Must have tactical / working knowledge of all technologies currently in-use and / or planned
  • Must demonstrate the ability to learn quickly and apply knowledge in a timely manner and for the appropriate task.
  • Experience with formal project management techniques, process design and management (metrics) is desired
  • Demonstrated skills to communicate difficult technical concepts clearly to a variety of individuals of varying technical expertise and understanding.
  • Demonstrated effective decision-making skills, even under pressure and while lacking all of the desired information detail.
  • Strong written and verbal communication skills to deal effectively with the business unit executives, management and staff, as well as IT management and staff.
  • Should possess management development skills and experience to coach, guide and develop IT staff as part of the Regal Performance Management and Appraisal Process.
  • Must be a disciplined process-oriented manager able to lead the implementation of best practice controls and processes.
  • Possess superior problem-solving skills for a complex network topology, being able to assemble a team as needed to identify issues, root causes and solutions.
  • Must have proven ability to work successfully in a high volume, technically demanding job, providing leadership and customer service while utilizing excellent judgment
  • Must be flexible and willing to travel to other locations
  • Must be proactive in identifying and correcting infrastructure deficiencies.
  • Must be a team player, excellent collaborator and leader.
  • Must be mature, poised, and confident in the face of adversity.
  • Must be highly organized and capable of providing technical leadership while requiring minimal day-to-day guidance.

Education/Experience

Minimum of five years of experience in Information Security & Compliance management supporting a complex business and systems environment. A minimum of a Bachelor’s Degree, equivalent experience with specialization in information security, or industry-relevant certifications is required. Comprehensive knowledge of effective supervisory/management practices and techniques. Proven track record effectively managing or designing IT security architecture and implementing IT Security controls. Experience is preferred in Theatre Information Technology; alternatively, experience in a retail global environment is highly desired. Detailed knowledge of the PCI DSS process and standards is highly desirable.

Language Ability

Demonstrated skills to communicate difficult technical concepts clearly to a variety of individuals of varying technical expertise and understanding. Demonstrate effective decision-making skills, even under pressure and while lacking all of the desired information detail. Good written and verbal communication skills to deal effectively with the business unit executives, management and staff, as well as IT management and staff.

Math Ability

Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

Reasoning Ability

Perform under pressure and/or opposition at times relying on your own independent judgment and knowledge to decide the best directions and solutions.

Computer Skills

Word processing, Spreadsheets, E-mail, Database software, Networks, ability to write computer scripts and macros.

Responsibilities

Supervisory Responsibilities:

The Director, Information Security & Compliance manages the activities of the Information Security & Compliance team and external resources. The primary role will be to coordinate Information Security activities with others within the IT Department to achieve Information Security objectives. Daily operational activities will be performed by Information Security & Compliance team members, IT, and / or external vendors performing a contracted service. Staff responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

While performing the duties of this job the employee is frequently required to stand, walk, sit, and use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and talk or hear. The vision requirements include close vision, distance vision, peripheral vision, depth perception, and the ability to adjust focus. The employee is occasionally required to lift up to 50 pounds.
