
Director Of Information Security & Compliance

Overview
Job Description
As the Director of Information Security & Compliance at DBMG, you'll be responsible for establishing and maintaining the information security program to ensure that information assets and the associated technology, applications, systems, infrastructure and processes are adequately protected. This position is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. This position is also responsible for maintaining the IT General Controls that support Sarbanes-Oxley (SOX) compliance.
Core Responsibilities:
- Provide regular reporting on the status of the information security program, cybersecurity risk posture, and emerging threat landscape to enterprise risk teams and senior business leaders as part of a strategic enterprise risk management program.
- Develop, maintain, and continuously improve the enterprise cybersecurity strategy, including policies, standards, and procedures aligned with industry frameworks (e.g., NIST, ISO, CIS).
- Lead the organization's cybersecurity risk management program, including the identification, assessment, prioritization, and remediation of security risks across systems, applications, infrastructure, and third-party environments.
- Oversee security monitoring, vulnerability management, and threat detection activities, ensuring timely identification and remediation of vulnerabilities and potential security incidents.
- Establish and maintain incident response and cyber event management processes, including preparation, detection, containment, eradication, and recovery from cybersecurity incidents.
- Maintain and mature the organization's security architecture and security control framework, ensuring security is integrated into infrastructure, cloud platforms, applications, and DevOps processes.
- Work with vendors and third parties to ensure that information security and cybersecurity requirements are embedded in contracts, services, and vendor risk assessments.
- Create and manage a targeted security awareness and cybersecurity training program for employees, contractors, and approved system users, and establish metrics to measure the effectiveness of security education.
- Maintain an Enterprise Risk Register that drives the cybersecurity investment strategy, risk mitigation initiatives, and long-term security roadmap.
- Provide clear risk-mitigating directives for IT projects and initiatives, ensuring secure design principles and mandatory security controls are implemented across technology solutions.
- Collaborate with Infrastructure, DevOps, and application teams to ensure secure system configuration, patch management, identity and access controls, and data protection practices are implemented and maintained.
- Work with internal and external audit firms to ensure compliance with Sarbanes-Oxley (SOX) and other regulatory or contractual obligations. Ensure IT General Controls (ITGCs) are effective, documented, and operate successfully.
