David D.

Details

About

Accountable for definition, deployment, management and optimization of the company-wide, best in class information security policies and practices e.g. (ISO) 27001/27002 standards, Audits - SOC 2, PCI DSS.

Liaise and coordinate with the Information Security, Corporate Compliance, Audit, Legal, and HR management teams, as required, to deploy and adhere to Information Security and Privacy Policies and Procedures against applicable legal regulations/standards

Perform gap analysis and recommendations to improve the security and privacy infrastructure to remove/mitigate risk.

Define and manage a critical security incident response process, and manage all security incidents and events to protect corporate IT assets (IP, regulated data, and etc.)

Develop enterprise-wide security programs for the identification, reporting, and remediation of information security concerns throughout the organization.

Identify, analyze and evaluate technology risk and measure the risk quantitatively and qualitatively; price out solutions in order to advise the business on the best risk solution portfolio.

Respond to RFPs, audits and other security documentation from Presidio’s customers

Function as the lead in the investigation of any actual or potential information security violations and manage escalation of security events; assist with disciplinary and legal matters associated with such violations as necessary.

Identify knowledge gaps, and ensure all employees, contractors and approved system users are trained on information security and risk management awareness through training programs or external training vendors.

Devise and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.



Experience - 15+ years



Security is a Journey not a Destination