GENERAL JOB DESCRIPTION

The Director, IT Security & Privacy will ensure Club Car operates securely by developing practical, robust IT security and privacy processes and systems which protect the company’s business, data, customers, suppliers and teammates.

PRIMARY DUTIES AND RESPONSIBILITES

Incident Response and Coordination

• Maintain Club Car’s IT Incident Response Plan, including incident escalation framework and key incident-specific playbooks (e.g., ransomware), and serve as lead cybersecurity representative in incident response.
• Ensure appropriate tactical incident response protocols and processes to detect, respond, and remediate cybersecurity events.
• Oversee investigation capability, to include leveraging internal and external forensics and evidence collection and preservation, under the supervision of the legal counsel, as appropriate.
• Conduct tabletop exercises to build response capability at all levels.
• Lead after-action reviews and identify and implement lessons learned to drive security improvements.

Cybersecurity Governance, Risk and Compliance Management

• Develop and implement Club Car’s comprehensive cybersecurity strategy and roadmap, reflecting the Club Car’s operational drivers and desired business outcomes, risk tolerance, and evolving risks, threats, and vulnerabilities. 
• Extensive knowledge of information security principles, cybersecurity frameworks (e.g., CIS, NIST, ISO 27001), and risk management practices.
• Develop senior leader awareness and buy-in of cybersecurity program and initiatives, including reporting to leadership on cyber initiatives and strategy, program assessments, changes to risk profiles, and specific events.
• Assess current MSSP and MSP cybersecurity teams and define program governance, including defining roles and responsibilities.
• Establish, with senior leaders, cyber risk thresholds and risk management approach.
• Build and implement cyber risk quantification and risk prioritization of initiatives.
• Develop protocols to periodically review the appropriateness of the cybersecurity program, inclusive of administrative and technical controls and processes, with such review to include risk assessments, industry standard compliance reviews, and periodic, risk-based penetration testing.
• Develop vendor cybersecurity risk management program.
• Coordinate with senior leadership to ensure adequate resourcing of cybersecurity program.

Cybersecurity Program Management

• Oversee people, processes, and technology at all levels of the cybersecurity program to enable global operations.
• Develop and maintain all relevant information security policies and procedures, including for network infrastructure, specific applications, and services.
• Develop and maintain designated risk-based cyber safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
• Develop secure lifecycle processes and operations, reflecting risk, threat, and vulnerability identification.
• Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate.
• Manage cybersecurity audits, inclusive of client security audits and RFPs.
• Oversee development and implementation of role-based cybersecurity awareness programs and trainings.
• Lead company cybersecurity identity governance access and privileged access management solutions.
• Collaborate closely with legal counsel to ensure cybersecurity program meets all legal and contractual requirements.
• Manage, in close collaboration with IT team, all aspects of security for technology initiatives.
• Conduct regular internal and coordinate external security assessment and penetration tests to proactively test the effectiveness of security controls.
• Coordinate with compliance on remediation and program management.
• Assist in the design and implementation of disaster recovery procedures, integration points with business continuity and managing the rollout of IT-enabled recovery and continuity procedures.

OTHER DUTIES AND RESPONSIBILITIES

QUALIFICATIONS FOR THE JOB

Education:

• Bachelor's degree in Computer Science, Information Technology, System Administration, or a closely related field.
• Preferred Master’s degree in Computer Science, Information Technology.

Experience: 

• 10+ years of prior relevant experience in a Global setting.
• Relevant Certifications: CISSP, CCEP, CISM or other related field certifications highly preferred.
• Technical expertise of cloud architectures, especially Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure, networks, routers and switches, wireless technologies, active directory, and leading software applications. 
• Background in modern information security frameworks, technologies and practice.
• Experience in accrediting IT systems against multiple standards including NIST and working knowledge of relevant legal requirements including GPDR and CCPA.
• Experience supervising managed security service providers (MSSP) and working with infrastructure managed service providers (MSP).
• Experience overseeing vendor security audits and developing, implementing and maintaining a vendor risk management program.

KEY COMPETENCIES

• Strategic Thinker – Translates the IT operations roadmap into specific objectives and tactical plans for the IT service and operations team. Constantly thinks multiple years ahead with each initiative and decision.
• Drives Results – A bias toward action; committed to delivering results and remediation of critical items within the IT service and operations organization. Acts to surpass goals, seizing opportunities to push the envelope. Sets continually higher goals that are ambitious but realistic for self and team, geared to organizational objectives centered on improving Club Car’s IT service and operations performance. Poise and ability to act calmly, competently, and professionally in high-pressure and/or high stress situations.
• Collaborator and Influencer - Invites the opinions and perspectives of others. Aligns and manages internal and external teams to achieve company’s goals and objectives. Adapts personal approach to respective environment and audience. Acts as an innovative IT operations leader, designing forward thinking solutions that enable growth and scalability. Supports new business opportunities with the lens of assessing service and operations complexity while enabling the business. Positions IT service and operations as a partner to the business with mutual intentions of achieving business goals and growth.
• Team Building – Works to align internal team and supplier partners with company goals and objectives while operating as a cohesive team providing consistent and quality service built on mutual respect.
• Technical Expertise – Knowledge of network frameworks (modern cloud computing design, operations, and supplier management), end user computing, ITSM, and virtualized and core infrastructure standards.

PHYSICAL REQUIREMENTS

• While performing the duties of this job, the employee is regularly required to talk or listen.
• This position may be required to stand, walk, sit, use hands to feel; reach with hand and arms, and stoop, kneel or crouch as needed.
• Specific vision requirements include the ability to see at close range, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Club Car is a diverse and inclusive environment. We are an equal employment opportunity employer, dedicated to hiring a diverse workforce including individuals with disabilities and United States qualified protected veterans.  

Discrimination of any type will not be tolerated at Club Car.