Director, Information Security

Chicago, IL, USA | Blue Chip Marketing Worldwide

  • Industry:
    Advertising/PR/Marketing/Events
  • Position Type:
  • Functions:
    General Management
    IT / Information Technology
  • Experience:
    10-12 years
Job Description:

BC Worldwide is a diversified group of business units that includes a separate healthcare unit (Continuum Clinical) as well as a media relations and marketing organization (Blue Chip).


About Continuum Clinical 


Continuum Clinical (CC) is a global clinical trial enrollment company. At Continuum Clinical, we share a common mission and vision: to elevate interest, increase access, and enhance experiences in clinical trials to advance medical research for all. 


About Blue Chip 


Blue Chip, a part of BC Worldwide, is an independent, creative marketing agency based in Chicago with proven expertise in brand and shopper marketing. We're here to give incredible people the opportunity to make a difference. We offer the talent and scale of a holding company, with the urgency and ownership of a private agency.


Blue Chip and Continuum Clinical serve clients across the globe. 


Core Values  


•  Collaborative  


•  Genuine 


•  Kind & Compassionate  


•  Pride of Ownership & Accountability 


Job Summary 


The Director, Information Security will lead internal and external security of the organization’s information systems.  This position oversees and manages the company’s information and physical security risks and controls. The person in this position will partner with leaders in Continuum Clinical and Blue Chip to identify the company’s needs and goals from an information and physical security perspective and leverage the personnel, skill sets and technologies. Additionally, this individual will be responsible for recommending personnel expansion and advancing skill sets based on business need. 


Essential Duties and Responsibilities   


To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Other duties may be assigned. 


•  Establishes and maintains the information security vision and programming to include policy creation, training, risk assessment, and security incident response to ensure information assets and technologies are adequately protected  


•  Analyzes and architects solutions to information technology cybersecurity threats that relate to confidentiality, integrity, and availability of data and systems


•  Supports, educates and advocates for best security practices across the organization in compliance with the organization’s established framework (e.g., NIST) as well as legal and regulatory requirements


•  Identifies and advocates a security strategy and provides ROI analyses to recommend new spend, as appropriate


•  Facilitates and manages the development, modification, and operation of security protocols including intrusion detection and prevention systems to protect the organization’s information from breach or loss


•  Collaborates with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes


•  Develops and implements SOPs to safeguard digital and physical data from accidental or unauthorized modification, destruction, or disclosure


•  Directs an ongoing, proactive risk assessment program for all new and existing systems; remains familiar with the company’s goals and business processes so effective controls can be put in place


•  Monitors and restricts access to sensitive, confidential, or other high-security data


•  Demonstrates polished change management skills.


•  Quickly and accurately assesses complex situations and takes appropriate action, such as during security incidents


•  Recommends modifications to security protocols as required


•  Supports and contributes to client or vendor audits, assessments, qualifications and/or requests for information (RFIs)


•  Assists in reviewing client and vendor contracts specific to information security


•  Facilitates and manages the tech development, modification and operation of security protocols  


•  Maintains an understanding of security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms 


Compliance and Training  


•  Manages and oversees internal and external compliance related audit efforts 


•  Includes conducting periodic internal audits and due diligence checks of security protocols, evaluating systems for vulnerabilities 


•  Ensures that monitoring operations comply with all applicable government regulations and standards 


•  Organizes and leads the security incident response capability, preemptively engages with and trains stakeholders throughout the organization 


•  Reviews violations of security procedures; provides training to ensure violations do not recur 


•  Performs risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures 


•  Oversees cyber security component for our business continuity and disaster recovery efforts ensuring the organization is prepared for high-risk business disruptions 


•  Develops and/or provides training and guidance on acceptable use, risk management, incident response, and security protocols to employees 


•  Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness 


Reporting and Communication  


•  Leads and motivates cross-functional, interdisciplinary teams to achieve tactical and strategic goals 


•  Develops, maintains and reviews reports of, and evaluates response to, any security incidents 


•  Provides regular updates to the compliance teams and Managing Partner regarding the status of the company's risk posture and security program


•  Periodically briefs senior management on status of security system and protocols


•  Member of the Risk Management Council (RMC) 


•  Partners with the Managing Partner to develop and manage budget for security related capital and operational expenses, training, and staff needs 


•  Shares BC Worldwide knowledge and stories actively across both business units 


•  Champions change, process and communication 


•  Promotes positive working relationships within the department, the company and the vendor community 


•  Complies with all corporate and departmental standard operating procedures  


•  Responsible for maintaining up-to-date weekly time tracking, per the Agency’s time tracking policy


•  Managers are responsible for ensuring that their direct reports maintain up-to-date weekly time tracking, per the Agency’s time tracking policy


•  Demonstrates the mission, vision, values and culture principles of BC Worldwide


Education, Experience, Certifications and Memberships  


•  Bachelor’s degree in Computer Science/IT, Information Management, Engineering or equivalent; Master’s degree preferred 


•  10+ years of information security, IT operations and compliance experience 


•  5+ years of management experience 


•  Required certifications: CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager)


•  Preferred certifications: CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), CompTIA Security+ or comparable 


•  Demonstrated expertise with Microsoft Office Suite or related software needed to maintain reports and records. 


•  Demonstrated project management skills; financial/budget management, scheduling, and resource management


 

