Vice President, Information Technology Security

Supervise the organizations’ s cybersecurity governance, program, strategy, investment, management and reporting, working closely with company leadership, employees and its affiliates in an approach that is appropriate to our industry sector, our size and culture, our compliance obligations and our risk tolerance.

Essential Duties and Responsibilities:

• Manage the security department/group with responsibility for maintaining the group’s technical competence, training, professional certifications and updated threat awareness.
• Develop, document, implement and maintain a company-wide information security program to protect company information and information systems.
• Provide information security status, program effectiveness, incident experience and maturity posture briefings, updates and recommendations to the management team and Board of Directors regularly as per any regulatory requirements.
• Meet company requirements for role-based training, education and credentialing to ensure personnel with significant information security responsibilities receive adequate training with respect to such responsibilities.
• Implement and maintain company-wide continuous monitoring and standardized risk assessment processes.
• Communicate and enforce compliance with information security programs and information systems, throughout the company’s operations, relative to applicable information security laws, regulations, directives, standards, policies, and guidelines.
• Develop, maintain and distribute company-wide information security policies, procedures, and control techniques to provide direction for implementing the requirements of the information security program.
• Establish minimum, mandatory risk based technical, operational, and management information security control requirements for the company’s information security program, information, and information systems.
• Report material compliance failures and policy violations directly to the appropriate organizational officials for corrective actions.
• Develop, implement, and maintain security authorization and reporting capabilities, including the company’s security information repository as required by the information security program, and applicable policy and procedures, including data retention obligations.
• Coordinate with independent auditors, audit coordinators and other key officials to manage security program audits and audit responses.
• Assist CTO and CISO in coordination with the Privacy Officer/Counsel around all compliance obligations and during security incidents involving material non-public information (NPI), personally identifiable information (PII) and protected health information (PHI) and identify the company’s related controls and processes adequate to support our privacy objectives and regulatory requirements.
• Coordinate with company Facilities Management for physical security requirements.
• Ensure network security monitoring and intelligence that proactively monitors company systems and provide solutions such as comprehensive and automated endpoint services, anti-virus and anti-spyware/malware prevention and detection, firewall monitoring/management with intrusion detection and prevention, and ongoing patch management. Services should focus on:
• Access control
• Threat detection
• Behavioral monitoring
• Security intelligence
• Asset discovery
• Vulnerability management

• Strong oral and written communication skills
• Strong client presence with project management, presentation and facilitation skills
• Well organized with the ability to handle several projects/clients simultaneously
• Proficiency with MS Office products, including Outlook, Word, Excel and PowerPoint
• Dedicated work ethic with a commitment to client service excellence
• Experience working in a team environment

• Oversee and provide expertise on the following cyber and information security risk management processes:
  • 
    Data Protection
    
    Employee Privacy
    
    Encryption
    
    Patch Management
    
    Server Configuration
    
    Social Media Policy
    
    3rd Party Risk Management
    
    Acceptable Use
    
    Account Access Management
    
    Business Continuity
    
    Change Management
    
    Data Classification
    
    Desktop Security
    
    Electronic Communication
    
    Mobile Device
    
    Network Access & Security
    
    Network Configuration
    Password Policy
    Record Management
    
    Security Incident Process
    
    Security Awareness Program and Training Policy
    
    Data Transfer
    
    Information Security Policy
    
    Account Administration (administrative & user)
    
    Firewall Administration Procedures
    
    Monitoring and Review Procedures
    
    Remote Access Policies
    
    Threat and Intrusion Detection
    
    Incident Response & Forensics
    
    Database Security Procedures
    
    Privacy
    
    Secure Software Development
    
    Physical Access
    Technical Testing and Remediation

• Bachelor’s degree required/master preferred in computer science, information security, mathematics or similar focus.
• 10-12 years’ experience, preferably 5 plus years in cyber security

• CISSP and/or GRC/CRISC certification is required; CISA, or CISM are encouraged.