Responsible for enterprise cybersecurity programs and activities including data protection, incident response, threat management, vulnerability management, security architecture, security risk management, awareness training, policies and standards.
Duties/Responsibilities:
Work with third-party security providers, including SOC providers, managed security and MDR services, penetration testing and vulnerability scanning providers, risk assessors and auditors.
Develop and enhance governance, risk and compliance (GRC) and information security programs related to system and data protection efforts across the company.
Utilize a risk-based approach to manage information security.
Serve as the primary cybersecurity threat expert, keeping apprised of emerging industry trends and strategies to mitigate threats.
Maintain and update incident response plans and lead incident response activities.
Maintain and update information security policies, requirements, and standards.
Develop, enhance and manage the security awareness program including employee phishing and social engineering exercises.
Develop innovative ways to provide security awareness.
Coordinate software development security code review.
Lead the security evaluation of new and existing technologies and standardize system security configurations.
Review third-party contracts for security and data protection purposes.
Participate in business continuity and disaster recovery (BC/DR) planning by implementing security best practices.
Perform various other tasks that may be assigned from time to time by Vice President and Chief Information Officer.
Education and/or Work Experience Requirements:
Bachelor’s degree from a four-year accredited college or university in Computer Science, Management Information Systems or related field required.
Minimum three (3) to five (5) years applicable work experience required, preferably in a small environment.
Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional (CCSP) preferred.
Secure network architectures
Identity and access management principles
Cloud security best practices
Risk management frameworks
Virtualization technologies
Incident response methodology and management
Penetration testing and vulnerability management systems
Cybersecurity training programs including phishing, social engineering and compliance
Secure coding practices
Experience implementing security standards including NIST Cybersecurity Framework, ISO 27000 series, PCI-DSS, HIPAA and CIS Critical Security Controls
Strong problem-solving and decision-making skills
Ability to prioritize and manage multiple tasks in a high-energy environment
Ability to document policies, standards, requirements and procedures
Ability to maintain confidential and/or proprietary information