Overview
Reporting to the Vice President, Information Security, this role is a senior leadership position responsible for the overall security strategy, operations, and financial management of the company’s information security program.
Key Responsibilities:
Cybersecurity Operations Monitoring
- Threat Detection and Reporting: Oversee the continuous monitoring of operations to detect and report potential security threats or incidents in real time.
- Threat Intelligence Integration: Stay abreast of emerging cybersecurity threats and trends, and ensure timely communication and integration of threat intelligence into security operations.
- Automated Monitoring Systems: Implement and manage advanced monitoring systems that ensure security anomalies are detected, analyzed, and acted upon swiftly.
Vendor Management & Third-Party Security
- Vendor Security Assessments: Lead the process of evaluating and managing third-party vendors to ensure they comply with the organization's information security policies.
- Contractual Obligations: Ensure that security requirements are included in all vendor contracts and that they meet necessary regulatory and compliance standards.
- Supply Chain Risk Management: Develop and maintain a risk-based process for assessing and mitigating risks from third-party vendors, supply chain partners, and external service providers.
Budget and Financial Management
- Budget: Develop and manage the information security department’s annual budget, making recommendations for funding both operational security needs and strategic initiatives.
- Financial Reporting: Perform regular financial reporting, including variance analysis, to ensure the department stays within its budget, and communicate financial impacts to senior leadership.
- Cost Management: Identify opportunities for cost savings and optimization in security tools and resources without compromising security posture.
Disaster Recovery & Business Continuity
- Disaster Recovery Plan: Develop and maintain a comprehensive disaster recovery and business continuity plan to ensure quick recovery of critical IT systems and minimize business disruptions.
- Business Impact Analysis: Collaborate with the VP of Finance Audit & Risk to perform regular Business Impact Analysis (BIA) and adjust disaster recovery strategies accordingly.
- Testing and Updates: Conduct regular disaster recovery tests to ensure the organization is fully prepared for potential incidents, continuously updating the plan based on lessons learned.
Audits, Compliance & Certifications
- Security Audits: Lead the execution of both internal and external security audits, ensuring that all policies, processes, and systems comply with the latest industry standards and regulations.
- Certification Management: Oversee the pursuit and maintenance of relevant information security certifications to demonstrate security controls are effective.
- Regulatory Compliance: Ensure compliance with all applicable legal, regulatory, and contractual information security requirements, including data privacy laws such as GDPR or CCPA.
Governance, Reporting & Metrics
- Reporting Structure: Establish regular reporting mechanisms to provide insights to the C-suite and Board of Directors on cybersecurity metrics, emerging threats, incidents, and risk mitigation efforts.
- Performance Metrics: Develop a cybersecurity performance framework with key operational metrics, and continuously measure the effectiveness of security initiatives.
- Board-Level Communication: Work closely with the Leadership team to provide quarterly updates on information security status and strategic progress to the Board's Audit Committee.
Qualifications:
Education:
- Required: Bachelor’s in IT, Computer Science, Business Administration, or related field.
- Preferred: Master’s in related field or MBA.
Experience:
- Required:
- 15+ years of progressive experience in IT operations, information security, and systems.
- CISSP certification.
- Strong communication, leadership, and business management skills.
- Expertise in security policies, risk management, and cybersecurity frameworks.
- Proven project management, budget management, and strategic execution skills.
- Expertise in network planning, operations, governance, risk, and compliance.
- Experience managing IT professionals and third-party vendors.
- 10+ years of experience in managing IT functions.
- ITIL-based governance, data center operations, and organizational change management experience.
- Experience with network infrastructure strategy and next-gen networking technologies.
Job Types: Full-time, Permanent
Benefits:
- Company events
- Dental care
- Disability insurance
- Employee assistance program
- Extended health care
- Life insurance
- Paid time off
- Vision care
- Wellness program
- Work from home
Schedule:
Work Location: In person