Cayuse Holdings

Information Security Manager

full-time

Location Type: Hybrid

Location: Austin, Texas, United States

Salary

💰 $100,000 - $160,000 per year

About the role

  • Develop, implement, and continuously improve organizational information security policies, standards, and procedures.
  • Ensure alignment of security policies with organizational goals, regulatory requirements, and industry best practices (e.g., NIST, ISO 27001).
  • Monitor and enforce compliance with security standards for staff and third-party vendors.
  • Conduct regular audits, gap analyses, and performance assessments of security policies and controls, addressing deficiencies and making recommendations.
  • Conduct periodic risk assessments for IT systems, infrastructure, and vendors to identify vulnerabilities, threats, and weaknesses.
  • Work with internal teams to mitigate known vulnerabilities and prioritize remediation strategies.
  • Utilize vulnerability scanning tools and methodologies to proactively safeguard systems.
  • Supervise the management and monitoring of security information and event management (SIEM) systems to promptly detect and respond to security breaches.
  • Direct security incident response efforts, including managing containment, analysis, and remediation actions, and leading post-incident investigations.
  • Analyze root causes of security violations and design proactive measures to prevent recurrence.
  • Collaborate with cybersecurity teams, IT departments, and third-party vendors in supporting a robust incident response process.
  • Oversee configuration, management, and monitoring of security systems, such as firewalls, intrusion detection/prevention systems, encryption protocols, and antivirus software.
  • Safeguard sensitive data by managing access controls and permissions, ensuring compliance with data protection regulations such as GDPR, HIPAA, and CCPA.
  • Implement and enforce secure protocols for data at rest, in transit, and during processing.
  • Develop and deliver ongoing cybersecurity awareness and training programs to all organizational employees.
  • Advocate for a security-first culture by providing guidance and resources to non-technical teams.
  • Conduct phishing simulations and other exercises to assess and improve employee preparedness.
  • Ensure compliance with relevant laws, regulations, and standards, such as SOC 2, PCI DSS, FISMA, or other industry-specific requirements.
  • Maintain detailed documentation and prepare reports for stakeholders, auditors, and regulatory organizations.

Requirements

  • 1-3 years of experience in the field for Level 1
  • 4-7 years of experience in the field for Level 2
  • 8 or more years of experience for Level 3
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (desired)
  • Minimum of 5 years of experience in information security, cybersecurity, or IT risk management (desired)
  • At least 2 years in a leadership or managerial role in information security (desired)

Benefits

  • Medical, Dental and Vision Insurance
  • Wellness Program
  • Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
  • Short-Term and Long-Term Disability options
  • Basic Life and AD&D Insurance (Company Provided)
  • Voluntary Life and AD&D options
  • 401(k) Retirement Savings Plan with matching after one year
  • Paid Time Off

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • information security policies
  • security standards
  • risk assessments
  • vulnerability scanning
  • security information and event management (SIEM)
  • incident response
  • data protection regulations
  • encryption protocols
  • firewalls
  • intrusion detection/prevention systems

Soft Skills

  • leadership
  • collaboration
  • communication
  • problem-solving
  • analytical thinking
  • training and development
  • advocacy
  • organizational skills
  • attention to detail
  • strategic thinking

Certifications

  • CISSP
  • CISM
  • CEH
  • CompTIA Security+
  • ISO 27001 Lead Implementer
  • NIST Cybersecurity Framework Certification
  • Certified Information Security Manager
  • Certified Information Systems Auditor
  • GIAC Security Essentials
  • Certified Ethical Hacker