
CoreCivic Senior Director, Cyber Security and Privacy Compliance in Brentwood, Tennessee

At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Senior Director, Cyber Security and Privacy Compliance located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.

The Senior Director, Information Security and Privacy Compliance facilitates the effective planning, management, and governance of the CoreCivic Information Security Framework, which includes NIST 800-27 CSF, NIST 800-171, NIST 800-53 and Data Privacy. Coordinates and responds to all inquiries from internal and external audit teams related to the CoreCivic Technology services, initiatives, projects, platforms and products. Ensures that all processes related to the IT Security program and compliance initiative are successfully prioritized, launched, executed and delivered with regular status reporting. Manages and mentors staff members focused on security and compliance tools, as well as policy management.

  • Establishes a comprehensive and strategic privacy and security compliance program that defines, maintains, develops, and implements processes and policies that enable compliant and effective privacy practices. Ensures confidentiality of protected health information in any format and provides standards, policies, privacy forms, and up-to-date procedures.

  • Supports and monitors ongoing compliance activities relative to applicable regulations and standards (e.g. NIST Cybersecurity Framework, NIST 800-30, NIST 800-53, DHS 4300A, HIPAA, HITRUST, etc.).

  • Supervises staff in the performance of their duties and evaluates them as prescribed by company policy. This includes, but is not limited to, training new employees, evaluating performance and preparing written performance reviews, listening to concerns and effectively resolving disputes or issues, taking corrective or disciplinary action, developing work schedules for staff and approving leave requests.

  • Leads all Information Security projects, including managing line staff and executive relationships. Provides updates on project status/progress to CoreCivic Executive leadership and the Technology Steering Committee as needed.

  • Collaborates on project budgeting as part of the Technology Management Team and Operations Finance. Works closely with project teams, Accounting, and Purchasing to ensure all acquisition efforts are performed on plan, with integrity, and in a fiscally responsible manner.

  • Gathers required evidence from all functional areas necessary to demonstrate that all required regulatory security controls are in place. Reports findings to the Department of Homeland Security (DHS) and other compliance agencies.

  • Monitors and advises on security and privacy items related to systems and workflows, ensuring internal security controls for business operations are in place and adhere to applicable InfoSec regulations. Serves as an internal consultant to various levels of management and facility leadership regarding emerging technologies.

  • Develops and reports security risk and compliance metrics for the enterprise, departments, processes, and individual assets and applications.

  • Manages policy exceptions, identifies rationale and risks in support of exception requests, weighs effectiveness of compensating controls and makes recommendations relevant to and based on exception requests.

  • Establishes and works with a multidisciplinary team, including audit and risk, Compliance, HR, Legal, business process owners, IT, Security and other internal stakeholders to ensure enterprise-wide coverage of the information security and privacy discipline.

  • Works with industry leaders to develop and implement best practices for tuning, performance and functional administration of information security technologies.

  • Domestic U.S. travel may be required.

Qualifications:

  • Graduate from an accredited college or university with a Bachelor's degree in IT Security, Information Systems, Law, or a related field is required.

  • Seven years of experience in Information Security or Compliance is required.

  • Three years of supervisory experience is required. Additional related experience may be substituted for the education requirement on a year-for-year basis.

  • At least one of the following certifications or equivalent is required: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), and/or Certified Information Privacy Technologist (CIPT), and one or more of: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications.

  • Solid understanding of the dependencies that exist between systems, servers, storage, database, network, and cloud-based components required.

  • Strong understanding of regulatory compliance standards, particularly NIST Cyber Security Framework, NIST 800 series, SOC2, and Federal Risk and Authorization Management Program (FedRAMP) required.

  • Strong understanding of security audit methodologies with management, oversight, and reporting of audits to the executive level and third parties required.

  • Experience using GRC tools is required.

  • Working knowledge of U.S. laws and regulations, such as HIPAA, Gramm-Leach-Bliley Act (GLBA), Privacy Shield certification process and U.S. (state and federal) privacy laws is preferred. Proficiency in Microsoft Office applications is required.

  • U.S. Citizenship is required.

CoreCivic is a Drug-Free Workplace and EOE – including Disability/Veteran
