Vice President, Information Technology Security


Supervise the organization's cybersecurity governance, program, strategy, investment, management and reporting, working closely with company leadership, employees and affiliates, in an approach appropriate to our industry sector, our size and culture, our compliance obligations and our risk tolerance.

Essential Duties and Responsibilities:

  • Manage the security department/group with responsibility for maintaining the group’s technical competence, training, professional certifications and updated threat awareness.
  • Develop, document, implement and maintain a company-wide information security program to protect company information and information systems.
  • Provide information security status, program effectiveness, incident experience and maturity posture briefings, updates and recommendations to the management team and Board of Directors regularly as per any regulatory requirements.
  • Meet company requirements for role-based training, education and credentialing to ensure personnel with significant information security responsibilities receive adequate training with respect to such responsibilities.
  • Implement and maintain company-wide continuous monitoring and standardized risk assessment processes.
  • Communicate and enforce compliance with information security programs and information systems, throughout the company’s operations, relative to applicable information security laws, regulations, directives, standards, policies, and guidelines.
  • Develop, maintain and distribute company-wide information security policies, procedures, and control techniques to provide direction for implementing the requirements of the information security program.
  • Establish minimum, mandatory, risk-based technical, operational, and management information security control requirements for the company’s information security program, information, and information systems.
  • Report material compliance failures and policy violations directly to the appropriate organizational officials for corrective actions.
  • Develop, implement, and maintain security authorization and reporting capabilities, including the company’s security information repository as required by the information security program, and applicable policy and procedures, including data retention obligations.
  • Coordinate with independent auditors, audit coordinators and other key officials to manage security program audits and audit responses.
  • Assist CTO and CISO in coordination with the Privacy Officer/Counsel around all compliance obligations and during security incidents involving material non-public information (NPI), personally identifiable information (PII) and protected health information (PHI) and identify the company’s related controls and processes adequate to support our privacy objectives and regulatory requirements.
  • Coordinate with company Facilities Management for physical security requirements.
  • Ensure network security monitoring and threat intelligence that proactively monitor company systems, and provide solutions such as comprehensive and automated endpoint services, anti-virus and anti-spyware/malware prevention and detection, firewall monitoring/management with intrusion detection and prevention, and ongoing patch management. Services should focus on:
    • Access control
    • Threat detection
    • Behavioral monitoring
    • Security intelligence
    • Asset discovery
    • Vulnerability management


Knowledge, Skills, and/or Abilities:
  • Strong oral and written communication skills
  • Strong client presence with project management, presentation and facilitation skills
  • Well organized with the ability to handle several projects/clients simultaneously
  • Proficiency with MS Office products, including Outlook, Word, Excel and PowerPoint
  • Dedicated work ethic with a commitment to client service excellence
  • Experience working in a team environment
  • Oversee and provide expertise on the following cyber and information security risk management processes:
    • Data Protection
    • Employee Privacy
    • Encryption
    • Patch Management
    • Server Configuration
    • Social Media Policy
    • 3rd Party Risk Management
    • Acceptable Use
    • Account Access Management
    • Business Continuity
    • Change Management
    • Data Classification
    • Desktop Security
    • Electronic Communication
    • Mobile Device
    • Network Access & Security
    • Network Configuration
    • Password Policy
    • Record Management
    • Security Incident Process
    • Security Awareness Program and Training Policy
    • Data Transfer
    • Information Security Policy
    • Account Administration (administrative & user)
    • Firewall Administration Procedures
    • Monitoring and Review Procedures
    • Remote Access Policies
    • Threat and Intrusion Detection
    • Incident Response & Forensics
    • Database Security Procedures
    • Privacy
    • Secure Software Development
    • Physical Access
    • Technical Testing and Remediation


Education and/or Experience:
  • Bachelor’s degree required, master’s preferred, in computer science, information security, mathematics or a similar field.
  • 10-12 years’ experience, preferably with 5 or more years in cyber security

Certificates, Licenses, Registration:
  • CISSP and/or GRC/CRISC certification is required; CISA or CISM is encouraged.



