Director, IT Security Job at Baker & Taylor
Company Profile:
Dream. Create. Inspire. Improving the world through literacy.
Come join the team at Baker & Taylor to make an impact on community literacy!
Who We Are / B&T Values Statement
At Baker & Taylor, we are passionate about changing the world through literacy. We believe that education, access to content, and the freedom to explore are essential. We are dedicated to supporting our library partners across the world who tirelessly provide resources to foster the imagination of future generations and improve outcomes in their communities. Librarians are our heroes and championing and supporting their work is our purpose.
Baker & Taylor is committed to embracing diversity, equity, and inclusion to create an environment that both celebrates and evolves through the unique experiences and contributions of all team members.
Who You Are
The Director of IT Security is responsible for overall strategy and execution in establishing and maintaining an enterprise-wide, cost-effective information security program to safeguard the integrity of and access to enterprise systems and ensure that Baker & Taylor information assets are adequately protected.
· Responsible for maintaining the confidentiality, integrity, and availability of company data and ensuring compliance with privacy and security laws and best practices.
· This position leads a team of external partners in the planning, design, enforcement and audit of security controls, policies and procedures.
· Maintains knowledge of trends and threats in information security, and identifies where additional tools, technologies, controls, policies and procedures are required to appropriately manage Baker & Taylor risk.
· Evaluates and recommends security products, services and/or procedures to enhance productivity and effectiveness.
· Conducts information security investigations, eDiscovery activities and proactive monitoring of Baker & Taylor’s security profile.
Essential Duties and Responsibilities
Information Security Governance (20%)
· Establishes and maintains information security governance model.
· Assists in the development and execution of information security strategy and initiatives for the enterprise.
· Creates, maintains and socializes security policies across the enterprise.
· Provides guidance and recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
· Provides management with security briefings to advise them of critical issues that may affect Baker & Taylor’s overall security profile.
Risk & Compliance (40%)
· Coordinates annual PCI certification activities for all Baker & Taylor entities.
· Establishes, implements, and monitors compliance with security controls; communicates and tracks resolution of security exposures, misuse, and/or noncompliance situations; escalates as appropriate to senior leadership.
· Coordinates security assessments of internal and external facing information services; guides compliance with Baker & Taylor policy and customer requirements.
· Oversees information security risk assessments of vendors, contracted services and other third-party services providers, and facilitates risk assessments for new business ventures.
· Performs security reviews for third party contracts involving Baker & Taylor data or systems. Assists in the response to security questionnaires, RFP responses, audits and contract reviews.
· Provides technical guidance on security best practices to network and application development teams.
· Establishes and manages execution of security training and education throughout the enterprise.
InfoSec Operations
· Designs processes and implements and manages tools that protect Baker & Taylor’s data and systems.
· Researches, evaluates, designs, tests, recommends and implements new or improved information security controls, tools, processes, software or devices.
· Maintains knowledge of potential and emerging information security threats, vulnerabilities, and control techniques and assists IT and business staff in understanding and responding.
· Leads investigations of and response to information security incidents.
· Conducts regularly scheduled management reviews with third parties that are part of Baker & Taylor’s overall security profile.
Work Environment
- Hybrid work environment: remote and in office.
Required Skills & Experience
Certifications Required:
Certified Information Systems Security Professional (CISSP) required.
Additional certifications considered:
· Certified Ethical Hacking (CEH)
· EC-Council Certified Security Analyst (ECSA)
· Certified Information Systems Auditor (CISA)
· Certified Information Systems Manager (CISM)
Related Experience:
· Bachelor's degree or equivalent - Computer Science, Engineering or related discipline OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
· 7+ years related experience
· Strong written and oral communication skills and the ability to positively engage with the business community and IT management, staff and customers.
· 5 years related experience with cloud security architecture and design such as Azure, AWS and IBM
· Specific information security experience and CISSP required.
- Strong knowledge of security architecture for applications and infrastructure.
- Experience implementing PCI/DSS requirements and acquiring level 1 PCI certification. SOC2 certification preferred.
- NIST CSF framework experience desired.
- Ability to relate business requirements and risks to technology implementation for security-related issues.
· Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
· Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert.
· Self-driven, highly motivated with a strong customer focus. Strong analytical and problem-solving skills. Solid project management skills, especially in a cross-functional environment.
· Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people.
· Previous experience working with third party providers.
Physical Demands
· Light Office Setting
· Occasional Travel for short duration – 2-4 times per year.
Benefits
· Participation in company health (medical, dental) insurance plans on the 1st of the month following your hire date
· Company short-term and long-term disability benefits
· Flexible PTO - In recognition of the professional environment in which we work, you will immediately be eligible to participate in the Company's pilot Flex PTO program
· Under the Flex PTO program, you may use Flex PTO each year for PTO, illness or other personal time provided good standing and subject to business needs
· There is no predefined number of Flex PTO days, nor do you earn or accrue paid time off under the Program
· Career development and advancement opportunities
· Climate controlled facility
Job Type: Full-time
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Vision insurance
Schedule:
- 8 hour shift
- Monday to Friday
Experience:
- Cloud Security Architecture: 5 years (Required)
Work Location: In person