Director of Information Security & Compliance

Director of Information Security & Compliance

DBMG Headquarters - Phoenix, AZ 85016

Description

As the Director Information Security & Compliance at DBMG, you'll be responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. This position is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. This position is responsible for maintaining IT General Controls for maintaining Sarbanes Oxley (SOX) compliance.

Core Responsibilities:

• Provide regular reporting on the status of the information security program, cybersecurity risk posture, and emerging threat landscape to enterprise risk teams and senior business leaders as part of a strategic enterprise risk management program.
• Develop, maintain, and continuously improve the enterprise cybersecurity strategy, including policies, standards, and procedures aligned with industry frameworks (e.g., NIST, ISO, CIS).
• Lead the organization's cybersecurity risk management program, including the identification, assessment, prioritization, and remediation of security risks across systems, applications, infrastructure, and third-party environments.
• Oversee security monitoring, vulnerability management, and threat detection activities, ensuring timely identification and remediation of vulnerabilities and potential security incidents.
• Establish and maintain incident response and cyber event management processes, including preparation, detection, containment, eradication, and recovery from cybersecurity incidents.
• Maintain and mature the organization's security architecture and security control framework, ensuring security is integrated into infrastructure, cloud platforms, applications, and DevOps processes.
• Work with vendors and third parties to ensure that information security and cybersecurity requirements are embedded in contracts, services, and vendor risk assessments.
• Create and manage a targeted security awareness and cybersecurity training program for employees, contractors, and approved system users, and establish metrics to measure the effectiveness of security education.
• Maintain an Enterprise Risk Register that drives the cybersecurity investment strategy, risk mitigation initiatives, and long-term security roadmap.
• Provide clear risk-mitigating directives for IT projects and initiatives, ensuring secure design principles and mandatory security controls are implemented across technology solutions.
• Collaborate with Infrastructure, DevOps, and application teams to ensure secure system configuration, patch management, identity and access controls, and data protection practices are implemented and maintained.
• Work with internal and external audit firms to ensure compliance with Sarbanes Oxley (SOX) and other regulatory or contractual obligations. Ensure IT General Controls (ITGCs) are effective, documented, and operate successfully.

Qualifications

Cybersecurity Operations & Resilience:

• Oversee business continuity and disaster recovery cybersecurity considerations.
• Lead tabletop exercises and incident simulations to validate response readiness.
• Coordinate with legal, risk, and communications teams during significant cyber events.

Work Experience

• 5-10 Years' experience

Education/Training

• BS in Computer Science or related field, or equivalent experience
• CISSP certification is required for this role; if you do not currently have this certification, you'll have 12 months to obtain it.

Software & Technology

• MS Windows 7 and/or MS Windows 10, MS Word, MS Excel, MS PowerPoint, and MS Outlook.
• Experience with Evotec and/or oversight Systems is highly preferred.

Work Environment

Position requires as many hours as needed to fulfill the daily and weekly obligations required to carry out the functions. Working long days, including evenings and weekends can be required for this position. This position is generally indoors in a climate-controlled office environment. Reasonable accommodations may be made upon request for those who have disabilities that qualify under the Americans with Disabilities Act.

DBM International is an Equal Opportunity Employer with an Affirmative Action Plan. (Apply Directly, No Agencies)