Qualifications:
• Leads the organization in providing technical expertise in the areas of information security operations and compliance.
• Coordinates the technical aspects of organization-wide programs such as cybersecurity and risk awareness and cybersecurity and resiliency.
• Leads, researches, evaluates, and recommends security updates to strategic plans.
• Responsible for representing information security interests in strategic assignments and implementation projects to maintain the policies and controls used to protect the information assets. Education:
• Bachelor’s degree specializing in an information technology field from an accredited college or university, or equivalent combination of directly related education and/or experience.
- Master’s degree preferred.
• Information Security industry certification (SSCP, CISSP, GIAC, CISM, CISA, CCSP etc.). Experience:
• Eight or more years of relevant experience T
• hree to five years of cloud experience preferred (Azure or AWS) working with CSP and third-party SaaS solution providers preferred Knowledge Areas:
• NIST/COSO/ISO familiarity Cyber resiliency practices System Security Superior written and verbal communication skills.
• Project Management Technical Skills:
• Windows and UNIX systems Risk Management Middleware (e.g., application servers and RDBMS) Certifications/Licenses:
• Security Cert. Required: (Ex. CISSP / CISM / CSSLP / CRISC / CSSP) Advanced Security Cert.
• Preferred: (Ex. CISSP - ISSAP/ ISSMP/ ISSEP) Responsibilities:
• Develops and implements security procedures and recommends methods to comply with security requirements.
• Monitors and analyzes open source and internal data sources to identify trending security issues and alert management to developments, changes and shifts in risk. Contributes to risk assessments and reviews complex, technical documents, diagrams and plans to identify security requirements and recommend controls.
• Evaluates, designs, and implements processes and requirements to ensure compliance with security policies and procedures.
• In accordance with approved security frameworks, advises project and information security colleagues on information security requirements, compliance responsibilities and methods to protect resources and sensitive information.
• Consults with leadership and technology staff to categorize systems; implement and assess controls; manage resilience, and respond to and monitor risk. Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions.
• Applies risk management frameworks such as NIST 800-37; utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle Leads the technical aspects of organization-wide programs; plans, develops, and delivers the technical aspects of such programs. Demonstrates high readiness level for Information Security Manager succession.
|