Crain Communications
Director of IT Security
Crain Communications, Chicago, Illinois, United States, 60290
Crain Communications is seeking an experienced and hands-on Director of IT Security to lead and shape our cybersecurity and infrastructure strategy. Reporting to the VP of Technology and Product, this new role will be integral to ensuring the security and operational excellence of our corporate infrastructure and supporting the diverse needs of our global operations.
The ideal candidate will have a proven track record in senior leadership roles (Director/VP-level) and expertise in both on-premises infrastructure and modern SaaS/cloud environments. In addition to technical acumen, you must excel in educating staff, implementing robust security systems and processes, and mitigating social engineering threats across a growing organization of 600+ employees.
This role is based in Detroit, Michigan, with a hybrid work arrangement. Remote opportunities are available for the right candidate, but some regular travel will be required.
Key Responsibilities:
Strategic Leadership:
Develop and execute a comprehensive IT security strategy covering on-premises, SaaS, and cloud environments. Collaborate with executive leadership and department heads to align security goals with business objectives. Stay ahead of emerging threats, trends, and technologies to continuously enhance Crain's security posture. Operational Excellence:
Oversee and manage all aspects of IT security for corporate systems and global infrastructures across North America, Europe, and Asia. Lead the evaluation, selection, and implementation of security tools, managed services, and infrastructure upgrades. Provide technical guidance on integrating security best practices across IT operations and development teams. Cybersecurity and Awareness:
Implement advanced defenses against social engineering attacks, including phishing and smishing. Conduct regular security training and awareness programs for staff across the organization. Promote a risk-aware culture through regular communication and education initiatives. Develop and enforce security policies, procedures, and compliance standards. Risk Management:
Monitor, assess, and address vulnerabilities across IT systems, personal computers, applications, and networks. Lead incident response efforts and manage recovery processes in case of breaches or threats. Ensure compliance with relevant regulations, including data protection and privacy standards. Conduct regular risk assessments and evaluation of technology and cybersecurity risks and provide/implement mitigation. Ensure timely escalation of critical risks and incidents. Oversee the incident response process and ensure effective management of cyber incidents. Conduct post-incident reviews and recommend improvements to prevent future occurrences. Coordinate with external auditors for technology and cybersecurity risk audits, including PCI and HIPAA compliance. Qualifications:
7+ years of experience in IT security roles, with at least 3 years in Director/VP-level positions. Hands-on expertise in managing on-premises hardware, SaaS applications, and cloud infrastructures (e.g., AWS, Azure, Microsoft inTune or Google Cloud). Deep understanding of cybersecurity frameworks, such as NIST, CIS Controls, or ISO 27001. Proven experience in designing and implementing systems to prevent social engineering threats. Exceptional leadership, communication, and organizational skills. Relevant certifications such as CISSP, CISM, or CEH are highly desirable. Knowledge of data privacy laws and regulations. This position is exempt under the Fair Labor Standards Act and is not eligible for overtime pay. Pay Transparency Disclosure:
The estimated base salary range for this position is $200,000 to $220,000. The final salary offering will take into account a wide range of factors, including experience, accomplishments, and location. The salary range provided should not be considered as a salary limit or cap. In addition to base salary, Crain also offers competitive benefits including retirement plan savings contributions and bonus opportunities based on individual and company performance. About Crain Communications:
Crain Communications is a leading business news and information company with a portfolio of 24 media brands that provide indispensable coverage and data for professionals globally and across sectors, including advertising, automotive, finance, healthcare, staffing, and workforce solutions. Many of Crain's brands are the most influential media properties in the industries and communities they serve, including Ad Age, Automotive News, Pensions & Investments, Modern Healthcare, Staffing Industry Analysts, as well as Crain's regional business brands. For more than a century, our dedication to deep sector expertise and journalistic integrity has enabled us to provide trusted insights across all our platforms, empowering today's business leaders to make industry-shaping decisions. To learn more about Crain Communications, visit crain.com.
#J-18808-Ljbffr
Strategic Leadership:
Develop and execute a comprehensive IT security strategy covering on-premises, SaaS, and cloud environments. Collaborate with executive leadership and department heads to align security goals with business objectives. Stay ahead of emerging threats, trends, and technologies to continuously enhance Crain's security posture. Operational Excellence:
Oversee and manage all aspects of IT security for corporate systems and global infrastructures across North America, Europe, and Asia. Lead the evaluation, selection, and implementation of security tools, managed services, and infrastructure upgrades. Provide technical guidance on integrating security best practices across IT operations and development teams. Cybersecurity and Awareness:
Implement advanced defenses against social engineering attacks, including phishing and smishing. Conduct regular security training and awareness programs for staff across the organization. Promote a risk-aware culture through regular communication and education initiatives. Develop and enforce security policies, procedures, and compliance standards. Risk Management:
Monitor, assess, and address vulnerabilities across IT systems, personal computers, applications, and networks. Lead incident response efforts and manage recovery processes in case of breaches or threats. Ensure compliance with relevant regulations, including data protection and privacy standards. Conduct regular risk assessments and evaluation of technology and cybersecurity risks and provide/implement mitigation. Ensure timely escalation of critical risks and incidents. Oversee the incident response process and ensure effective management of cyber incidents. Conduct post-incident reviews and recommend improvements to prevent future occurrences. Coordinate with external auditors for technology and cybersecurity risk audits, including PCI and HIPAA compliance. Qualifications:
7+ years of experience in IT security roles, with at least 3 years in Director/VP-level positions. Hands-on expertise in managing on-premises hardware, SaaS applications, and cloud infrastructures (e.g., AWS, Azure, Microsoft inTune or Google Cloud). Deep understanding of cybersecurity frameworks, such as NIST, CIS Controls, or ISO 27001. Proven experience in designing and implementing systems to prevent social engineering threats. Exceptional leadership, communication, and organizational skills. Relevant certifications such as CISSP, CISM, or CEH are highly desirable. Knowledge of data privacy laws and regulations. This position is exempt under the Fair Labor Standards Act and is not eligible for overtime pay. Pay Transparency Disclosure:
The estimated base salary range for this position is $200,000 to $220,000. The final salary offering will take into account a wide range of factors, including experience, accomplishments, and location. The salary range provided should not be considered as a salary limit or cap. In addition to base salary, Crain also offers competitive benefits including retirement plan savings contributions and bonus opportunities based on individual and company performance. About Crain Communications:
Crain Communications is a leading business news and information company with a portfolio of 24 media brands that provide indispensable coverage and data for professionals globally and across sectors, including advertising, automotive, finance, healthcare, staffing, and workforce solutions. Many of Crain's brands are the most influential media properties in the industries and communities they serve, including Ad Age, Automotive News, Pensions & Investments, Modern Healthcare, Staffing Industry Analysts, as well as Crain's regional business brands. For more than a century, our dedication to deep sector expertise and journalistic integrity has enabled us to provide trusted insights across all our platforms, empowering today's business leaders to make industry-shaping decisions. To learn more about Crain Communications, visit crain.com.
#J-18808-Ljbffr