Information Security Director

Company: Ball Aerospace
Location: Westminster
Posted on: February 25, 2021

Job Description:

Powered by endlessly curious people with an unwavering mission focus, Ball Aerospace pioneers discoveries that enable our customers to perform beyond expectation and protect what matters most. We create innovative space solutions, enable more accurate weather forecasts, drive insightful observations of our planet, deliver actionable data and intelligence, and ensure those who defend our freedom go forward bravely and return home safely. For more information, visit--Ball Aerospace Career Site --or connect with us on LinkedIn , Facebook , Twitter --or Instagram . The Security and Mission Assurance Strategic Support Unit provides discriminating support to the business to ensure success. We focus on threat identification, risk assessment, and mitigation while improving the efficiency of the business through effective governance and analysis of process, data and overall business knowledge. Information Security Director The Information Security Director shall lead a group of highly skilled, multidisciplinary team of security professionals responsible for the execution of various enterprise-wide security functions, information security, and National Industrial Security Program compliance. The individual will also work closely with and report to the Chief Information Security Officer (CISO) within Security & Mission Assurance. Individual will provide both tactical and strategic guidance on security practices across various enterprise manufacturing and business support systems. The successful candidate will work across the business to determine acceptable levels of information security risk for the organization. The candidate must be highly knowledgeable of the business and external threat environment and be able to build a picture of how both the business drivers and external threats impact a specific risk profile. They will also work with the CISO to establish a program to identify, evaluate and report on enterprise security risks in a manner that meets compliance, regulatory requirements. This position is at a Senior level and requires a visionary leader with sound knowledge of business management and a detailed knowledge of security technologies and threats inherent within the Defense Industrial Base. The successful candidate will proactively work with business units and functional groups to implement the enterprise risk management strategy. The ideal candidate is an articulate and persuasive thought leader who builds consensus and can serve as an effective member of the Security & Mission Assurance leadership team. The candidate must maintain objectivity with a strong understanding that security is one of many business activities and should enable the business and provide it a competitive advantage. Ultimately, the mission of the IS Director is to add business value and create competitive advantage for the business through effective and efficient risk management strategies. What you'll do:
---Work in concert with the Information Security team to ensure enterprise-wide compliance with the National Industrial Security Program Operating Manual (NISPOM) and ensure audit readiness for DCSA vulnerability assessments.
---Develop and monitor processes and procedures to protect information at rest (includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk) and in transit (when data is being transferred between components, locations, or programs) to include management of USG cryptographic equipment.
---Aid in the development of a company-wide Security Awareness, Training, and Education program to protect company proprietary and customer owned information.
---Support the CISO in the development, implementation and monitoring of a strategic, comprehensive enterprise information security and information technology (IT) risk management program to ensure the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
---Build, develop and manage effective cyber threat and policy governance security organizations, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and conducting annual performance reviews.
---Facilitate information security governance through guidance & participation in an information security steering committee.
---Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
---Develop and manage information security budgets.
---Create and manage information security and risk management awareness training programs for applicable employees and contractors.
---Work directly with the business units to facilitate IT risk assessment and risk management processes. Work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
---Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
---Develop and enhance an information security management framework based on, but not limited to: The International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST 800-53, 800-171).
---Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
---Ensure security programs are compliant with relevant contracts, laws, regulations and policies to minimize or eliminate risk and audit findings.
---Aid in defining and facilitating the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
---Manage security incidents and events to protect IT assets, including intellectual property, regulated data and the company's reputation.
---Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Report on any data exfiltration within program guidelines.
---Conduct risk assessments for Ball Aerospace-wide processes and make major system risk decisions.
---Responsible for selecting solutions to enhance security controls to include security policies and procedures consistent with State, Federal, and contractual obligations.
---Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security.
---Understand and interact with related disciplines through committees ensuring consistent application of policies and standards across all technology projects, systems and services, including (but not limited to) privacy, risk management, compliance and business continuity management.
---Maintain a regular and predictable work schedule.
---Establish and maintain effective working relationships within the department, the Strategic Business Units, Strategic Support Units and the Company. Interact appropriately with others in order to maintain a positive and productive work environment.
---Perform other duties as necessary. What you'll need:
---BS/BA degree in a related field plus 15 or more years of related experience.
---Each higher-level degree, i.e., Master's Degree or Ph.D., may substitute for two years of experience. Related technical experience may be considered in lieu of education. Degree must be from a university, college, or school which is accredited by an agency recognized by the US Secretary of Education, US Department of Education.
---Master's degree is highly preferred. Other security-related certifications are highly desirable. (e.g. CISSP, CISM, CISA, etc.)
---Minimum of five years serving in senior leadership roles, and minimum of 10 years of experience in a combination of risk. management, information security and/or IT Security related roles.
---Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives in a dynamic environment.
---Proven track record of partnering directly with executive leadership and aligning security initiatives with IT and Business strategy/objectives.
---Knowledge of common information security management frameworks, such as NIST 800-171, CIS Top 20, ISO/IEC 27001, and ITIL.
---Excellent written and verbal communication skills, interpersonal and collaborative skills.
---Ability to effectively and clearly communicate security and risk-related concepts to technical and nontechnical audiences.
---Must be a critical thinker, with strong problem-solving skills, project management skills: financial/budget management, scheduling and resource management.
---A strong solution orientation with a penchant for not only identifying problems but also finding ways of solving them within typical business constraints.
---Ability to lead and motivate cross-functional, interdisciplinary teams to achieve strategic goals.
---Ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
---High degree of initiative and ability to work with little supervision.
---Department of Defense and/or Defense and Aerospace industry experience preferred.
---Top Secret Security clearance is highly desirable, with the ability to acquire and maintain this level of clearance. Working Conditions:
---Work is expected to be performed in an office environment, laboratory, clean room, or production floor.
---Must be able to work efficiently & effectively in a remote environment when necessary
---Travel and local commute between Ball campuses and other possible non-Ball locations may be required.-- Future Clearance Required: A current DoD clearance and/or SCI access with Polygraph is not required to be eligible for this position, however applicant must be willing and eligible for submission within 60-90 days after an offer is accepted and must be able to maintain the applicable clearance/access. By applying to this position, you are agreeing to complete a National Security Clearance Pre-Screen Questionnaire to evaluate your general ability to obtain the required security clearance or government customer access associated with this position. Relocation for this position is available US CITIZENSHIP--IS REQUIRED Ball Aerospace is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Keywords: Ball Aerospace, Denver , Information Security Director, Executive , Westminster, Colorado