Director Information Security

Job ID
2024-5993
Location
US-MA-Boston
Division
Internal Operations
Type
Regular Full-Time
Category
Information Technology

Overview

Since our founding in 1982, we’ve been proud of the culture we’ve built as a 100% employee-owned company, and we have been recognized with over 70 Best Place to Work awards, including Best Workplace by Fortune Magazine three years in a row, Fortune Best Workplace for Women, Fortune Best Workplace for Millennials, Great Place to Work’s Best Workplace for Parents, and one of America’s Best Employers by Forbes. At Shawmut, you will have the opportunity to own your career and deliver impact within our culture of ownership and innovation, focused on providing the gold standard of client service for the world’s most recognizable and elite brands and institutions.

Here is a glimpse at what we are offering: 

  • Health, Life, Long/Short Term Disability Insurance including Dental and Vision
  • 401K with Match
  • Generous Paid Time Off policy
  • ESOP – be an employee owner!
  • The Extras: cell phone, laptop, tuition reimbursement, discounted gym membership, pet insurance, auto & homeowner (mortgage network & insurance savings) and many more

The Director of Information Security is responsible for developing, maintaining, and communicating the Information Security Program. Initiatives are identified and defined based on a risk-oriented approach to mitigating threats and reducing exposures, and include defining strategic direction, security best practices, risk assessment, mitigation for threats (technology, process, or training), and metrics.

Responsibilities

  • Develop, publish, implement, and maintain comprehensive organization-wide information security strategy, plans, policies, procedures, and guidelines for protecting data, hardware, and the network in alignment with business objectives.
  • Develop, administer, and maintain an information security training and awareness program that addresses business risks as well as regulatory and contractual requirements.
  • Collaborate with IT and business leaders to define, communicate and prioritize risk mitigation initiatives.
  • Lead the design and implementation of security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
  • Manage and oversee the operation of security tools and technologies, including intrusion detection systems, firewalls, encryption tools, and vulnerability scanners.
  • Oversee the integration and deployment of company-wide security solutions. Monitor security alerts and determine whether reported threats could impact company information or systems. Communicate applicable alerts to IT to address.
  • Oversee incident response and investigation activities, including the coordination of resources and communication with stakeholders.
  • Develop a risk-oriented approach to threat management. Oversee or perform specific risk assessments and develop recommendations to mitigate threats.
  • Assess audit and assessment results; partner with IT to develop and maintain best practices for security of all internal systems.
  • Investigate security incidents (e.g., breaches, fraud); develop enhancements to prevent future occurrence.

Qualifications

    • Experience: At least 10 years of information security and/or audit experience as a program manager or in another management role driving technology, regulatory compliance, audit, or Information Security activities.
    • Education: Bachelor's degree (Master's preferred) in a technology, risk, or control-related field or a related field, or equivalent experience.
    • Certifications (preferred): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Protection Professional (CPP).
    • Additional Role Specific Skills:
      • Experience with development of risk management strategic initiatives
      • Experience with regulatory compliance initiatives (HIPAA, Massachusetts Data Privacy, CPA, etc.)
      • Strong technical skills in areas such as network security, application security, cryptography, and cloud security.
      • Experience with security tools and technologies, including SIEM, IDS/IPS, DLP, and endpoint protection.
      • Experience in performing assessments for risk or compliance and defining recommendations and initiatives to address findings.
      • Thorough knowledge and understanding of the Cyber Security marketplace. Ability to adequately maintain an up-to-date knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
      • Maintain professional relations with other information security professionals through structured information security organizations and informal networking. Promote individual knowledge through public presentations and speaking engagements.
      • Promote Shawmut’s information security knowledge and maturity through conversations and peer group meetings with others in the construction industry.

    CRITICAL SKILLS / SPECIFIC COMPETENCIES

    • Ability to effectively communicate with senior leadership.
    • Ability to effectively communicate with persons at all levels of the company and effect change through partnering, collaboration and teamwork.
    • Ability to create targeted presentations and present to large groups in-person or virtually.
    • Outstanding relationship-building skills.
    • Ability to address topics in a well-written, clear format.
    • Ability to create a culture of inclusion and belonging by acting with courage, humility, and curiosity; desire to learn about others and self-reflect.
    • Ability to build team relationships, stay organized, handle various projects at one time, follow up and make accurate decisions.

 
