
VP, Information Security
InMarket
full-time
Location Type: Remote
Location: California • Colorado • United States
Salary
💰 $190,000 - $225,000 per year
About the role
- Develop an information security vision and strategy that is aligned to organizational priorities.
- Participate in strategic and operational governance processes.
- Manage the information security management system.
- Lead strategic information security planning to achieve business goals by prioritizing initiatives and coordinating the evaluation, deployment, and management of current and future technologies using a risk-based assessment methodology.
- Provide regular reporting on the current status of the information security program to a variety of audiences including senior management.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices and regulatory requirements.
- Manage the budget for the information security function, monitoring and reporting discrepancies.
- Manage the information security organization, including hiring, development, retention and performance management.
- Define and communicate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies.
- Participate in feasibility studies and conduct risk assessments for software and systems under consideration for purchase and make recommendations.
- Ensure that any new software and integration into company systems meet security requirements.
- Act as advocate and primary liaison for the company’s information security vision via regular communications with the senior leadership, department heads, and employees.
- Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Work closely with the technology and product departments on corporate technology development to fully secure information, computer, network, and processing systems.
- Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.
- Recommend and implement changes in security policies and practices in accordance with changes in local or federal law.
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company’s reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management program goals.
- Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
- Facilitate and support the development of asset inventories.
- Promote and oversee strategic security relationships between internal resources and external entities, including vendors, and partner organizations.
- Remain informed on trends and issues in cybersecurity, including current and emerging technologies and threats. Advise, counsel, and educate executive and management teams on their relative importance and organizational impact.
Requirements
- Bachelor’s degree in Computer Science or Business Administration is Required.
- 10+ years of experience in Senior People Leadership roles in Information Security and IT is Required.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) is an asset.
- Knowledge of common information security management frameworks, such as NIST, including 800-53 and Cybersecurity Framework, is Required. ISO/IEC 27001, ITIL, and COBIT are additionally preferred.
- GSEC, Cloud Certs (AWS/GCP Architecture level & Security Specialty Preferred), OSCP, or relevant SANS certifications preferred.
- Demonstrable hands-on experience securing complex, tech-forward cloud environments required.
- Experience with ISO, SOC and SOX compliance required.
Benefits
- Competitive salary, stock options, flexible vacation
- Medical, Dental and Flexible Spending Account (FSA)
- Company Matched 401(k)
- Unlimited PTO (Within reason)
- Talented co-workers and management
- Agile Development Program (For continued learning/professional development)
- Paid Paternity & Maternity Leave
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
information security management, risk assessment methodology, disaster recovery policies, incident response plans, security policies enforcement, cloud security, budget management, security program reporting, system security administration, security incident management
Soft skills
leadership, communication, strategic planning, collaboration, advocacy, problem-solving, organizational skills, stakeholder engagement, team development, performance management
Certifications
CISSP, CISM, CISA, CRISC, GSEC, AWS Certified Security Specialty, GCP Security Specialty, OSCP, SANS certifications, Cloud Certifications