Responsibilities

• Assess internal processes, systems, hardware and software licensing, by collecting business requirements from stakeholders in order to analyze current state and make recommendations for the business going forward
• Develop, publish, and maintain comprehensive information security standards, policies, procedures, and guidelines including data classification and protection, as well as development and execution of an information security training and awareness program;
• Lead, in partnership with IT, Legal, Product, People, and other departments, the organization’s existing and prospective Information Security, Compliance and Privacy programs in accordance with industry standards and requirements, which includes, but is not limited to: ISO 27001, GDPR, COBIT, etc.
• Drive application and network security for all facets of Lucid
• Identify security exposures and develop mitigation plans
• Serve as project manager for the design and implementation of IT and Security policies
• Work closely with internal clients to implement large network or systems oriented projects
• Lead the implementation of best-practice security procedures, standards, and guidelines
• Develop and execute a vision and budget to support our rapid growth
• Manage and maintain relationships with Lucid security vendors and partners, including Lucid’s managed SIEM and Security Operations Center
• Work with a lean IT internal team, which means pinch hitting on the day-to-day maintenance and activities of IT support
• Review technology proposals for security and privacy controls and recommend adjustments to align with Lucid’s Information Security Policy
• Respond to client and vendor due-diligence requests for information security 
• Cultivate a sustainable, continual improvement program based on process maturity

Qualifications

• Bachelor's degree in computer science, mathematics, the sciences, engineering or other related technical fields
• 8+ years’ experience in managing large scale projects, leading teams, and managing networks and systems 
• Professional Certification such as CISSP, CISM, CISA, CRISC or equivalents
• Excellent customer service, with the proven ability to operate at all levels of the organization, including at the executive team level
• Experience with the design, development, and day-to-day management of systems
• Experience working in a regulated environment with in-depth knowledge of applicable laws and regulations as they relate to IT.
• Excellent project management skills, specifically must be able to think creatively, communicate technical ideas clearly, and influence decisions across teams and with senior leaders
• Substantial exposure to Software as a Service (SaaS), Infrastructure as a Service (IaaS), hardware platforms, enterprise software applications, and outsourced systems.
• Good understanding of computer systems characteristics, features, and integration capabilities.
• Comfort with leading teams and mentoring new administrators
• Experience with cloud-based IT solutions (Office 365, Google Apps, AWS, etc) 
• Experience managing and developing a security program aligned with an industry standard such as ISO-27002, COBIT, and NIST CSF
• Strong sense of empathy for end users working a fast-pace, high growth small to midsize company

Skills and Competencies

• Maintains strong problem solving and creative skills, able to act decisively in making solid, informed judgment calls in response to both the technological and critical regulatory environment and the day-to-day business issues;
• Ability to articulate security risks and vulnerabilities. 
• Ability to set priorities and balance likelihood and business impact against cost of remediation and competing business interests;
• Possesses effective communication and presentation skills to articulate policies, procedures and plans to senior level management; and
• Possess a competency in project management methodology.