Director Information Security

Comsys Information Technology Services, a leader in IT staffing, is supporting a client in Washington, D.C. They are seeking a Director Information SecurityDirector, Information SecuritySUMMARY OF POSITION:The Director, Information Security, under the joint direction of the Chief Technology Officer and Chief Information Officer, shall be responsible for planning, implementing, and maintaining the firm's long term Information Security program. The Director, Information Security shall work closely with other C-level Administrators in the firm and with the IT/IM/IRC management team, including IT Directors and managers, to ensure that IT security and data protection/privacy standards, practices, processes, and procedures are clearly communicated and upheld across departments and functional groups responsible for Information Technology within the firm, as well as among the firm's end-users. The Director, Information Security will interface from time to time with the firm's Technology Committee. The Director, Information Security shall supervise a staff of IT Security engineers, auditors, and other persons tasked with maintaining system and data integrity. The Director will be tasked with day-to-day operational responsibilities as well as security related projects.AUTHORITY:The Director, Information Security shall supervise a staff of IT Security Engineers, auditors, and other persons tasked with maintaining system and data integrity.SPECIFIC RESPONSIBILITIES:The Director shall oversee the firm's global security program, to include but not be limited to:1. Clear, concisely stated objectives for personal data privacy, client and firm data protection, and technology asset integrity2. Security oriented organization policies, procedures, and operating practices (jointly referred to as 'Security Operating Standards')3. Security awareness and training programs among staff responsible for Information Technology, as well as end users4. Network security, including ongoing hardening of the firm's network devices, implementation, monitoring, and maintenance of network based access controls, and protection of all network transmission mediums within the firm5. Network monitoring, system inventories, vulnerability assessments, and ongoing auditing of the firm's networked environment in keeping with the firm's Security Operating Standards6. Communication security, including protection of data and voice transmissions, protection of stored messages (voice and data), intrusion detection/prevention, message integrity, and message privacy7. Specification and use of appropriate security protocols and methods, whether for authentication (e.g., Kerberos, two-factor methods), transmission (e.g., S/MIME, HTTPS), storage (e.g., disk encryption), destruction, content filtering, web browsing control, or wireless data/voice8. Logical and physical access to the firms computing resources and data9. Active Directory architecture to optimize protection of information assets10. Group Policies and other related Active Directory policies11. Existing and new hosting services arrangements, both physical and contractual12. Incident response and management, along with forensics analysis, as may be required in the course of responding to network threats13. Ongoing hardening of the firm's server, workstation (desktops and laptops), and mobile device hardware14. Creation of and adherence to industry security best practices as they relate to custom application development by internal personnel, as well as code being utilized by applications, whether in-housed developed, COTS, or customized15. Program Management oversight of security related technical implementations16. Creation of industry best practices as they relate to database administration, data management, document management, and document/data transfer between or among internal parties and external parties17. Employment of ethical screens on document and data repositories as necessary to meet the firm's obligations to privileged, confidential, and private data18. Coordination of Hogan & Hartson security standards and architecture with affiliate organizations (e.g., subtenants, business partners) and clients to balance communication and collaboration needs with the firm's security objectives19. Assessment and recommendation of emerging standards, technology, and specific products necessary to ensure the firm achieves security and data protection objectives20. Coordination with Technology Committee, Ethics Committee, Compliance Committee, and other management entities to align the IT security program with legal, ethical, and business demands21. Structure a system and data auditing program designed to periodically assess the effectiveness of policies and procedures, risks, and compliance with standards. Employ auditing to administrative departments, IT, practice areas, and offices. Identify risks and carry out remediation actions in coordination with audited groupsQUALIFICATIONS:1. 8-10 years of experience in information technology positions, with 3-5 years experience in a role exclusively focused on IT security assessment, planning, or project management.2. 3-5 years of experience in a professional services organization (such as a law firm, accounting practice, or similar data-intensive operation) preferred.3. Significant hands-on enterprise systems technical experience, to include Microsoft operating systems and applications, Cisco networking, Dell, HP hardware, and experience designing or managing secure remote access systems (i.e. Citrix, VPN).4. Detailed technical understanding of common networking, communication, authentication, and encryption protocols such as SSL/TLS, NTLM, Kerberos, IPSec, TCP/IP (SMTP, HTTP, FTP, and other link, network, transport, and application layer protocols), LDAP, RADIUS, PGP, H.323, SIP, IRC, ICA, and BitTorrent and other P2P protocols.5. Prior experience working within or deploying a recognized information security framework or standard, such as ISO 17799 or FIPS is a plus.6. Strong writing, speaking skills.7. Proven ability to manage competing priorities and work under pressure.8. Flexibility to travel.9. College degree required.10. Current information security certification a plus.11. A global perspective on privacy, security, and data protection issues and trends.12. Proven ability to identify and implement best practices and to successfully mold security programs to business operations.REPORTING RELATIONSHIP:The Director, Information Security reports to the Chief Technology Officer and has a matrix reporting relationship to the Chief Information Officer.OFFICE REQUIREMENTS:The Director, Information Security will maintain office hours totaling at least 8 hours each day, Monday through Friday, although he/she will be expected to work additional hours as required. Willingness and flexibility to work the hours necessary to meet security program objectives is expected.The Director, Information Security is an exempt employee for Federal Wage/Hour purposes.This job description sets forth authorities and responsibilities of the Director, Information Security and may be changed from time to time, as determined by the Chief Technology Officer and Chief Information Officer. Apply Now Location: WASHINGTONStatus: Full Time, EmployeeJob Category: IT/Software DevelopmentCareer Level: Experienced (Non-Manager) About COMSYS COMSYS IT Partners, Inc. (NASDAQ: CITP) is a leading information technology services company with 44 offices across the U.S. and offices in Canada and the U.K. Leveraging more than 30 years of experience, COMSYS service offerings include contingent staff aug-mentation, permanent recruiting and placement, vendor management and project solutions, including network design and management, customized software development and maintenance, software globalization/localization translation services and implementation and upgrade services for SAS, business intelligence and various ERP packages. For more information, visit www.comsys.com.COMSYS is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law. View all COMSYS opportunities Learn more about COMSYS at www.comsys.com