Director of Information Security

at UL, LLC in Evanston, Illinois, United States

Job Description

At UL, we know why we come to work.

What you’ll learn & achieve:

+ Develop and maintain a comprehensive information security program that includes policies, procedures, and guidelines that align with industry standards and best practices.

+ Conduct risk assessments to identify vulnerabilities and potential threats to the organization’s information systems, data, and intellectual property.

+ Develop and implement security measures to mitigate identified risks and ensure the highest level of security for all information systems, data, and intellectual property.

+ Ensure compliance with applicable laws, regulations, and industry standards related to information security. Monitor and audit access controls to ensure compliance with policies and regulations.

+ Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.

+ Establish and manage a Threat Intelligence function to identify potential threats and vulnerabilities to the organization.

+ Develop and maintain an Identity and Access Management (IAM) program that ensures appropriate access controls are in place for all critical assets and manage relevant policies, procedures, and guidelines.

+ Develop and maintain incident response plans to ensure the organization is prepared to respond to security incidents in a timely and effective manner.

+ Provide regular reports to the executive team, legal counsel and Board of Directors on the organization’s information security program and related activities.

+ Work collaboratively with other departments and stakeholders to ensure information security is integrated into all aspects of the organization’s operations.

+ Lead training and awareness initiatives to educate employees on information security best practices and ensure a culture of security throughout the organization.

+ Contribute to and/or lead other department specific and cross-functional initiatives.

What makes you a great fit:

+ Expert understanding of regulatory requirements, including GDPR, HIPAA, and PCI DSS.

+ Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.

+ Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only “dotted line” reporting lines exist.

+ Strong leadership and communication skills, with the ability to communicate complex technical issues to non-technical stakeholders.

+ Strong project management skills, with the ability to manage multiple projects simultaneously and deliver on-time, within budget, and to the required quality standards.

+ Strong vendor management skills, with the ability to manage relationships with multiple vendors.

+ Strong analytical and problem-solving skills, with the ability to quickly identify and resolve complex technical issues.

+ A thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process, and technology. While this role is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.

+ Bachelor’s degree in Information Technology, Computer Science, or a related field.

+ Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.

+ Expertise in information security principles, practices, and technologies, including security architecture, network security, identity and access management, threat intelligence, and security operations.

+ Management experience leading teams, developing strategy, and executing plans.

+ Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

+ Professional security certifications such as CISSP, CISM, or CISA are highly desirable.

+ Management experience leading teams, developing strategy, and executing plans.

What you’ll experience working at UL:

+ Mission: For UL, corporate and social responsibility isn’t new. Making the world a safer, more secure, and sustainable place has been our business model for the last 128 years and is deeply ingrained in everything we do.

+ People: Ask any UL employee what they love most about working here, and you’ll almost always hear, “the people.” Going beyond what is possible is the standard at UL. We’re able to deliver the best because we employ the best.

+ Interesting work: Every day is different for us here as we eagerly anticipate the next innovation that our customers create. We’re inspired to take on the challenge that will transform how people live, work and play. And as a global company, in many roles, you will get international experience working with colleagues around the world.

+ Grow & achieve: We learn, work, and grow together with targeted development, reward, and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages, including a technical training track for applicable roles.

+ Total Rewards: All employees at UL Research Institutes and UL Standards & Engagement are eligible for bonus compensation. We offer comprehensive medical, dental, vision, and life insurance plans. a generous 401k matching structure of up to 5% of eligible pay. Additionally, we invest an additional 4% into your retirement saving fund after your first year of continuous employment. Depending on your role, you can