Vice President, Information Technology Security
Supervise the organization's cybersecurity governance, program, strategy, investment, management and reporting, working closely with company leadership, employees and affiliates, in an approach appropriate to our industry sector, our size and culture, our compliance obligations and our risk tolerance.
Essential Duties and Responsibilities:
- Manage the security department/group with responsibility for maintaining the group’s technical competence, training, professional certifications and updated threat awareness.
- Develop, document, implement and maintain a company-wide information security program to protect company information and information systems.
- Provide briefings, updates and recommendations on information security status, program effectiveness, incident experience and maturity posture to the management team and Board of Directors on a regular schedule and as required by regulation.
- Meet company requirements for role-based training, education and credentialing to ensure personnel with significant information security responsibilities receive adequate training with respect to such responsibilities.
- Implement and maintain company-wide continuous monitoring and standardized risk assessment processes.
- Communicate and enforce compliance with the information security program across the company's operations and information systems, in line with applicable information security laws, regulations, directives, standards, policies and guidelines.
- Develop, maintain and distribute company-wide information security policies, procedures, and control techniques to provide direction for implementing the requirements of the information security program.
- Establish minimum, mandatory, risk-based technical, operational and management security control requirements for the company's information security program, information and information systems.
- Report material compliance failures and policy violations directly to the appropriate organizational officials for corrective actions.
- Develop, implement, and maintain security authorization and reporting capabilities, including the company’s security information repository as required by the information security program, and applicable policy and procedures, including data retention obligations.
- Coordinate with independent auditors, audit coordinators and other key officials to manage security program audits and audit responses.
- Assist the CTO and CISO in coordinating with the Privacy Officer/Counsel on all compliance obligations and during security incidents involving material non-public information (NPI), personally identifiable information (PII) and protected health information (PHI); identify the company's related controls and processes and confirm they are adequate to support our privacy objectives and regulatory requirements.
- Coordinate with company Facilities Management for physical security requirements.
- Ensure network security monitoring and threat intelligence that proactively monitor company systems, and provide solutions such as comprehensive, automated endpoint services; anti-virus, anti-spyware and anti-malware prevention and detection; firewall monitoring and management with intrusion detection and prevention; and ongoing patch management. Services should focus on:
- Access control
- Threat detection
- Behavioral monitoring
- Security intelligence
- Asset discovery
- Vulnerability management
Knowledge, Skills, and/or Abilities:
- Strong oral and written communication skills
- Strong client presence with project management, presentation and facilitation skills
- Well organized with the ability to handle several projects/clients simultaneously
- Proficiency with MS Office products, including Outlook, Word, Excel and PowerPoint
- Dedicated work ethic with a commitment to client service excellence
- Experience working in a team environment
- Oversee and provide expertise on the following cyber and information security risk management processes:
- Data Protection
- Employee Privacy
- Encryption
- Patch Management
- Server Configuration
- Social Media Policy
- Third-Party Risk Management
- Acceptable Use
- Account Access Management
- Business Continuity
- Change Management
- Data Classification
- Desktop Security
- Electronic Communication
- Mobile Device
- Network Access & Security
- Network Configuration
- Password Policy
- Record Management
- Security Incident Process
- Security Awareness Program and Training Policy
- Data Transfer
- Information Security Policy
- Account Administration (administrative & user)
- Firewall Administration Procedures
- Monitoring and Review Procedures
- Remote Access Policies
- Threat and Intrusion Detection
- Incident Response & Forensics
- Database Security Procedures
- Privacy
- Secure Software Development
- Physical Access
- Technical Testing and Remediation
Education and/or Experience:
- Bachelor's degree required, master's degree preferred, in computer science, information security, mathematics or a similar field.
- 10-12 years of experience, preferably including 5 or more years in cybersecurity.
Certificates, Licenses, Registration:
- CISSP and/or GRC/CRISC certification is required; CISA or CISM is encouraged.