Information Security Director

Forte Group · dou · Not specified · Poland, remote
The Information Security Director manages all aspects of the information security systems program (ISSP) including the maintenance of security policies, requirements, processes, and associated reviews. The candidate will focus on information security and technology activities to identify, assess, control, and manage cyber risk throughout Forte Group.

Principal duties and responsibilities:
Ensure that Forte Group Information Security Systems Program (ISSP) meets all industry laws, regulations, standards, and compliance requirements
Manage and execute SOC 2, ISO 27001, and GDPR compliance programs
Structure and maintain the ISSP for the long term, so that ultimately we are not just changing behaviors but creating a secure culture
Develop and maintain IT/Security policies, standards, guidelines and oversee the dissemination of security policies and practices; identify knowledge gaps to increase company awareness of relevant information security practices
Develop and oversee the ISSP and the security compliance program budget
Act as the conduit to senior leadership on security risks and mitigation alternatives
Provide regular reporting on the current state of the information security program to senior management as appropriate
Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program
Liaise with relevant business units (such as Internal Audit, Legal, Finance, Risk Management, HR teams), and external agencies as needed to ensure that the company maintains a strong security posture. Establish strong relationships with department managers, teaching, advising, and mentoring in relation to security principles, policies and practices
Provide leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans
Conduct evaluations of technology procedures and processes to assess effectiveness of controls as well as to ensure alignment with business objectives and security requirements
Focus on information security and technology activities to identify, assess, control, and manage cyber risk throughout the company
Lead investigations of any actual or potential information security violations and manage escalation of security events
Ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software
Ensure IT/Security strategies and processes support company-wide goals
Work with administrators and developers to audit, monitor and validate their environment’s security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks
Ensure Information Security policies are enforced across the BU that you manage (including timely completion of the Information Security Awareness Training Courses). Ensure staff are aware of how vital it is to report all suspected security and policy breaches to management. Ensure staff are aware of the consequences of not following security policies
Qualifications:
Skills:
Brings broad experience as well as a strong understanding of security concepts
Ability to communicate complex messages in a simple, clear and concise manner within our organization
Communicates tough issues to stakeholders and keeps an independent opinion
Provides management support in the form of organizing, directing, coordinating, planning and executing all support activities
Must be able to demonstrate business, technical and industry knowledge while assessing business risks, identifying key controls, and performing risk-based testing of technology controls
Have a positive, outgoing personality that loves working with and ultimately helping others
Certifications such as CISA, CISM, CRISC or CGRC are highly preferred
Experience:
Possess a minimum of 6 years of continuous experience in the field of cyber-security logistics support and/or management
Sufficient experience in effectively communicating with higher level personnel in order to interface with all levels of management
Experience in the financial, futures or brokerage industry as well as program/project management experience, business analysis, and strategic planning skills are highly preferred
Experience in or comfortable with getting in front of groups of people and presenting
Education:
Bachelor’s Degree or equivalent work experience required with a higher education degree preferred

We offer
Work your way — anywhere, anytime. Our remote-first approach lets you choose where and how you work best!
Experience working with diverse teams and gaining international expertise
A friendly, supportive team and an enjoyable work environment where your ideas matter
A chance to work on exciting, challenging projects using cutting-edge technologies that make a real impact
Comprehensive health insurance, corporate psychologist access, and partial sports activity coverage
Free training programs, reimbursement for certifications, and access to online learning platforms to fuel your growth
Paid vacation, public holidays, and sick leave are fully covered by Forte Group
Referral bonuses, regular performance reviews, and full support for business trips
Corporate events and holiday presents

Join a team that invests in your well-being, growth, and success!