Director, Information Security


Lincoln, NE Cybersecurity
Responsible for establishing, implementing, monitoring and enforcing a corporate-wide information security management program to help ensure that information assets are protected.

At Ameritas, fulfilling life is what we do daily. We continuously strive to help our customers and employees enjoy life at its very best by reducing uncertainty, helping grow assets and protecting what is most cherished. We're here to help people put worry behind and the future ahead and help enable a life that's rich in family, happiness, health and financial security. When lives are fulfilled, our mission is fulfilled.

The Director, Information Security is responsible for proactively identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company. This role has responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed up by effective operational procedures and overseen by a security governance program.

Essential Job Functions

Program Leadership

* Responsible for the daily leadership of the information security program reporting to the Chief Information Security Officer.
* Develops, implements and monitors a strategic, comprehensive enterprise information security program to ensure the integrity, confidentiality and availability of information that is owned, controlled, or processed by Ameritas.
* Leads the Cybersecurity compliance activities that enable the business to become and remain compliant with various regulatory programs to include PCI, GLBA, and HIPAA.
* Facilitates information security governance through the implementation of a governance program.
* Creates security strategies, metrics, reporting mechanisms and program services; and creates a roadmap for continual program improvements.
* Provides regular and consistent reporting on the current status of the information security program.
* Develops and enhances an information security management and control framework based on appropriate information security industry standards to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the security.

Risk Management and Incident Response

* Keeps abreast of security incidents and acts as primary control point during significant information security incidents. Convenes a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
* Manages security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
* Develops, implements and administers technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
* Provides leadership, direction and guidance in assessing and evaluating information security risks and monitors compliance with security standards and appropriate policies.
* Creates a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
* Examines impacts of new technologies on the company's overall information security.
* Establishes processes to review implementation of new technologies to ensure security compliance.

Policy, Compliance and Audit

* Leads efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information technology systems.
* Works with Internal Audit and outside consultants as appropriate on required security assessments and audits.
* Ensures that security programs follow relevant laws, regulations and policies to minimize risk and audit findings.
* Provides guidance, evaluation and advocacy on audit responses.

Builds and Directs a High Functioning Team

* Holds others accountable for conducting business in a legal and ethical manner while complying with policies, laws, and regulations related to business and employment.
* Oversees people processes and programs across the team to ensure talent for current and future needs by providing operational, functional, and technical leadership.
* Attracts, retains, and develops highly effective professionals and support staff.
* Determines work methods and directs the work of associates.
* Drives the establishment of performance goals and provides on-going feedback, coaching, and development to enhance the team's performance and capability, to facilitate open communication, and to encourage continuous performance improvement.
* Evaluates and determines the hiring, promotion, salary recommendations, and all employment-related decisions.
* Leads Security Engineering and Operations teams responsible for 24x7 operations and response.


* Candidates must have at least 10 years of experience leading technical teams in a leadership role.
* Candidates must have experience in at least one area of regulatory compliance including HIPAA, PCI, NY-DFS, or others.
* Candidates must be familiar with the NIST framework and have at least 5 years' experience leading security teams.

We are Ameritas: proud to say we're in the business of fulfilling life.

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

Job ID: 3356

Posted 2 months ago
