- Manages Cybersecurity Governance Risk & Compliance Team. Primarily responsible for safeguarding information system assets from intentional or inadvertent disclosure, modification, disruption, or destruction. Develops, maintains, and executes cybersecurity risk management policies and standards. Manages the cybersecurity mitigation, remediation and risk register processes.
- Protects computer assets by developing security strategies; directing system control development and access management, monitoring, control, and evaluation.
- Provides oversight and continuous monitoring of compliance with cybersecurity policies and standards across the enterprise, including contractors and third party vendors.
- Establishes procedures and automated processes to efficiently assess and monitor the status of risk associated with assigned applications, systems, and networks. Develops recommendations and remediation plans to reduce risk to an acceptable level. Establishes cybersecurity risk acceptance processes and ensures key stakeholders and system owners are periodically updated regarding the cybersecurity hygiene of the assets they are responsible for managing.
- Works across the organization to determine the best means to educate the enterprise about cybersecurity. Works closely with field offices to identify key cybersecurity gaps and develops specialized training to enhance cybersecurity practices.
- Develops metrics and compliance dashboards to monitor progress on security initiatives, measure the effectiveness of security controls, and track vulnerability remediation.
Credentials and Education:
- Bachelor’s Degree – field of study: Information Technology, Computer Science or Technology related experience
- Required: 8+ years' experience managing an enterprise level information security risk management program. Experience with policy development, managing and leading security initiatives, supporting audits; monitoring, reporting, and assessing risk.
- Hands on experience with Cybersecurity technical policy development, risk assessments, risk analysis, controls implementation/validation, and third-party vendor assessments.
- Must be able to operate successfully with moderate direction and support, and use proper discretion when dealing with sensitive information.
- Demonstrated track record of sound decision making, taking ownership and delivering results in a leadership role
- Experience managing complex issues, and coordinating solutions across multiple business lines
- Demonstrated understanding of risk analysis, security policies, and the National Institute of Standards and Technology (NIST) frameworks, the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and the Payment Card Industry Data Security Standard (PCI DSS).
- Demonstrated understanding of cybersecurity controls and practices for both on-premises and cloud environments.
- Expert communications skills, including a mastery of the English language both written and spoken
- Knowledge of networking, vulnerability assessment tools, risk management, threat intelligence, EDR solutions, and cloud platform security, and experience with SIEM technologies.
- Intermediate level of understanding of possible attack vectors such as network reconnaissance probing, scanning, Distributed Denial of Service, malicious code activity, etc.
Additional Skills/Specialized Training:
- Experience with cloud environments such as AWS.
- Experience with the MITRE ATT&CK Framework and Cyber Kill Chain
- Knowledge of common information security standards, such as ISO 27001/27002, NIST, CIS, and COBIT.
- Understanding of cloud environments (IaaS/PaaS/SaaS)
- CISA or CRISC required